This sounds like they are a known figure in the project and are offered consultancy jobs. When I had a company that is what I did when I needed something fixed. It was not cheap either. The point being yes it is possible but it is not a bounty board like in the city town hall.
Anyway I find it a bit weird the topic is asked at all. Why didn’t the OP just cold contacted committers?
Can you elaborate? Who are these people? What kind of bounties do these people go after? Do they work on lots of small bounties or focus on a few big bounties? Do you personally know these people or are you just talking about the security researchers who discovered high impact issues in iOS?
I know some of them in person as I'm involved in the bug bounty scene myself. What they work on varies depending on skill set and interest. I do not personally know any security researchers with high impact vulnerabilites in iOS but those people get paid millions and you'll never hear about them.
What I do know is that they tend to sell their exploits through exploit brokers like Zerodium.
That’s very different than what the OP question is about. Both are called “bounties” though.
One is getting paid to write code that fixes bugs or adds functionality to open source projects. (Pays very little and we suspect nobody makes a living from)
The other is doing security research and reporting on vulnerabilities. Here typically no fix is provided. You are paid for the discovery. Plenty of good researchers make a living on these security bounties
Big money like that is only made one way, security vulns in "software or hardware of interest", sold via brokers to 3 letter agencies (or much less scrupulous actors from time to time).
Anyway I find it a bit weird the topic is asked at all. Why didn’t the OP just cold contacted committers?