- The Guide to Finding and Reporting Web Vulnerabilities
- About the Author
- About the Tech Reviewer
- Foreword
- Introduction
- Who This Book Is For
- What Is In This Book
- Happy Hacking!
- 1 Picking a Bug Bounty Program
- 2 Sustaining Your Success
- 3 How the Internet Works
- 4 Environmental Setup and Traffic Interception
- 5 Web Hacking Reconnaissance
- 6 Cross-Site Scripting
- 7 Open Redirects
- 8 Clickjacking
- 9 Cross-Site Request Forgery
- 10 Insecure Direct Object References
- 11 SQL Injection
- 12 Race Conditions
- 13 Server-Side Request Forgery
- 14 Insecure Deserialization
- 15 XML External Entity
- 16 Template Injection
- 17 Application Logic Errors and Broken Access Control
- 18 Remote Code Execution
- 19 Same-Origin Policy Vulnerabilities
- 20 Single-Sign-On Security Issues
- 21 Information Disclosure
- 22 Conducting Code Reviews
- 23 Hacking Android Apps
- 24 API Hacking
- 25 Automatic Vulnerability Discovery Using Fuzzers
Choosing the Right Program
Bug bounties are a great way to gain experience in cybersecurity and earn extra bucks. But the industry has been getting more competitive. As more people are discovering these programs and getting involved in hacking on them, it’s becoming increasingly difficult for beginners to get started. That’s why it’s important to pick a program that you can succeed in from the very start.
Before you develop a bug hunter’s intuition, you often have to rely on low-hanging fruit and well-known techniques. This means many other hackers will be able to find the same bugs, often much faster than you can. It’s therefore a good idea to pick a program that more experienced bug hunters pass over to avoid competition. You can find these underpopulated programs in two ways: look for unpaid programs or go for programs with big scopes.
Try going for vulnerability disclosure programs first. Unpaid programs are often ignored by experienced bug hunters, since they don’t pay monetary rewards. But they still earn you points and recognition! And that recognition might be just what you need to get an invite to a private, paid program.
Picking a program with a large scope means you’ll be able to look at a larger number of target applications and web pages. This dilutes the competition, as fewer hackers will report on any single asset or vulnerability type. Go for programs with fast response times to prevent frustration and get feedback as soon as possible.
One last thing that you can incorporate into your decision process is the reputation of the program. If you can, gather information about a company’s process through its disclosed reports and learn from other hackers’ experiences. Does the company treat its reporters well? Are they respectful and supportive? Do they help you learn? Pick programs that will be supportive while you are still learning, and programs that will reward you for the value that you provide.
Choosing the right program for your skill set is crucial if you want to break into the world of bug bounties. This chapter should have helped you sort out the various programs that you might be interested in. Happy hacking!