[lukezli]

Just to add my own experience since there seems to be some interest. The first bug I found in Apple I just ran across while developing an app (http://blog.appgrounds.com/content-blockers-track-browser-hi...).

I've gotten bug bounties from Facebook/Google/Firefox by applying fuzzing to open source projects, using AFL/Libfuzzer. I'd say that fuzzing open source projects are a good, easy way to start security research since its relatively low barrier to entry and can pay good dividends.

Anyways, hoping to get a response from someone I can interview for my project! Please drop me a line if you can help. Happy to answer more questions.