My own , small, experience with MSRC is indeed their bug bounty program is not good, they take any possible opportunity to avoid payouts.

this means that a lot of genuine bug bounty hunters just won't look at MS stuff and MS avoid getting things fixed, instead other attackers will be the ones finding things, and they likely won't report it to MS...