It seems people misunderstood.The post from louis88 they are referring to talks about a totally different vulnerability. He wrote about a vulnerability that could affect anyone who simply visits the site, probably a minor vulnerability like an IP leak.
The one he is asking the bug bounty for is a very critical one. He got access to 1.2B SPS tokens in the validator software. Imagine if a malicious hacker had access to that amount of tokens, they could have drained the whole SPS liquidity pool and dropped the price to zero.
Also, people are using penetration test prices as a reference, which is wrong. A penetration test is paid hourly, whether they find a vulnerability or not. In bug bounty the work is done for free, and payment is only made if a valid vulnerability is found.
RE: SPS Governance Proposal - Pay Bug Bounty to louis88