Question

Bug bounty programs: are they all the same? Finding the right program to target is the first step to becoming a successful bug bounty hunter. Many programs have emerged within the past few years, and it’s difficult to figure out which ones will provide the best monetary rewards, experience, and learning opportunities.

漏洞赏金计划：它们都一样吗？找到适合的计划是成为成功的漏洞赏金猎人的第一步。在过去的几年里出现了许多计划，很难确定哪些计划会提供最好的货币奖励、经验和学习机会。

A bug bounty program is an initiative in which a company invites hackers to attack its products and service offerings. But how should you pick a program? And how should you prioritize their different metrics, such as the asset types involved, whether the program is hosted on a platform, whether it’s public or private, the program’s scope, the payout amounts, and response times?

一个漏洞赏金计划是一项倡议，其中公司邀请黑客攻击其产品和服务提供。但你应该如何选择一个计划？如何优先考虑不同的指标，例如涉及的资产类型，计划是否托管在平台上，计划是公开还是私人的，计划的范围，支付额度和响应时间？

In this chapter, we’ll explore types of bug bounty programs, analyze the benefits and drawbacks of each, and figure out which one you should go for.

在本章中，我们将探讨不同类型的漏洞赏金计划，分析它们的优点和缺点，并确定你应该选择哪一种。