Re: This happens all too often
That's exactly the issue with slippery bug bounty rules.
If, as a company, you run a bug bounty scheme properly and pay for valid submissions (and then go and amend your code), you can improve your code.
If, on the other hand, you keep changing rules to dodge payments, many bounty hunters will think "screw it" - or worse: sell it elsewhere. The result is that security issues get out into the open, and the code of the site remains vulnerable. The company achieves the exact opposite of what bug bounty schemes are intended to achieve: they become more vulnerable, faster than they would if they didn't have any bug bounty scheme to begin with.
Uber, like many others, seem to think a bug bounty is a marketing stunt. Well, wait until it backfires.