[sneak]

Security professionals of this caliber often make $37k in monthly compensation, each and every month. That's only $230/hour. If you can do work like this, your consulting rate is at least that for penetration testing.

Bug bounty programs are a bad deal for researchers. The payout for this bug is absurdly low.

[BeefWellington]

Yep. On the hiring side, you can absolutely see this when you get someone's resume. A person with in-industry experience will often not list their HackerOne profile (if they even have one), while students mostly do in my experience.

Payouts are a joke and progress is slow. It wasn't that long ago people were overwhelmingly just arrested or threatened for reporting these kinds of things but thankfully that's becoming rarer.

The amounts for these bounties though seem to be a token gesture and not much else, especially considering the damage someone could have caused with this.