
Because an employee feels that a lot of people have an entitled view towards security payouts as opposed to just reporting them because it's the right thing to do... this means that Yahoo has a bad attitude towards security?

Could you please explain your logic there?




I felt like if there is a company culture where everyone understands that security vulnerabilities can be costly then there wouldn't even be a discussion about security researchers being entitled, there would be a good bug bounty program in place from the get-go. Maybe my logic is flawed, but to me no bug bounty program says we really don't care enough about this and it's not a big priority, we'll just let/hope people do the right thing and report problems because that's how big internet companies do things in 2013.

That's how I see things from the outside; I don't have any inside information and it could very well turn out they have most of their staff working on software testing and security.



