That’s very different than what the OP question is about. Both are called “bounties” though.
One is getting paid to write code that fixes bugs or adds functionality to open source projects. (Pays very little and we suspect nobody makes a living from it.)
The other is doing security research and reporting on vulnerabilities. Here typically no fix is provided. You are paid for the discovery. Plenty of good researchers make a living on these security bounties.