Security News > 2020 > January > Bug bounties won't make you rich (but you should participate anyway)
Commentary: There's a lot of hype about bug bounties, but here's some truth.
The thing that gets hackers hungry for bug bounties is the dopamine rush when they spend just a few minutes hunting for bugs, find one, report it, and seemingly get "Money for nothing." The problem is this rarely happens for most people.
Reneging on payouts: "You find a vulnerability, the asset is in scope, it's valid but the company claims it was a mistake. This will usually enrage you further when you return later and they went ahead and fixed the bug anyway."
Slow payments: "Sometimes you can wait weeks and months for your bug to be triaged, and even longer for it to be rewarded."
More, including haggling over whether serious vulnerabilities are viewed or treated as such by the company paying out bounties.