by tayo42 1037 days ago
I tried this, maybe I just suck. But my experience was pretty bad. It seems swarmed by people in 3rd world countries running scripts endlessly already. If you do find something, there is still the chance the company will find a way out of it. The whole thing felt like a scam in a way: people show off their massive payment bug find, but in reality it's hours of work for almost no payout.
2 comments

My experience tallies with this. I used to work for a hosting company and we got plenty of emails from guys in India, Pakistan, etc. who had 'run burp suite against X and found Y'. We had no bounty program as we were fairly small fry, so we said thanks and fixed the bug. You can't compete against the volume. And the big payouts take a lot of time and skill to find and exploit.
Yeah, those are beg bounties (not a typo) https://www.troyhunt.com/beg-bounties/
> It seems swarmed by people in 3rd world countries running scripts endlessly already.

For the same surface-level stuff, yeah. Other, in-depth issues, not so much.

> people show off their massive payment bug find, but in reality it's hours of work for almost no payout

They don't advertise it as some "get money quick" thing just because they show off their payouts.

I occasionally find issues which make me $100, $200, $300 for a few minutes of work; it's not much, but it's something.