That is not what it says. They only said they had no bounty program to attract people to try and find bugs. That does not mean companies are not willing to compensate you if you find and report a bug in their system. I think 150k was well worth it, but the guy just worded it in the worst possible way.