I assume lots of bug hunters (especially those from third world countries or those currently unemployed) depend on the bounty money to support their livelihoods.
That’s a bit like hitting the slots to support your family. Not only do you have slim chances to find anything that pays out a worthwhile sum, even if you do find such a bug they might come back with a “sorry, already reported”. If they get back to you, that is.
This is why I think a third party bug bounty middleman service is inevitable. They will be better equipped to exact appropriate remuneration and develop relationships.
Companies should be trying really hard to avoid this happening by offering better rewards with fewer hoops to jump through.
Agree. It is a business opportunity. It will have to be a US-based company as only those will have enough funding to both fight the legal fights and lobby for legal protection.
For the first few years the company will be considered a level just above common criminals. After a while, they will be considered an essential consumer protection service.
It’s not something to rely on at all.