At least it seems that they won't assign CVE IDs and credit researchers without compensating them at all (which is what happened when I reported CVE-2024-27811, for example):
> We want those researchers to have an encouraging experience — so in addition to CVE assignment and researcher credit as before, we will now also reward such reports with a $1,000 award.
> We want those researchers to have an encouraging experience — so in addition to CVE assignment and researcher credit as before, we will now also reward such reports with a $1,000 award.