Hands-On Bug Hunting for Penetration Testers

Questions

  1. What are some differences between third-party marketplaces such as Bugcrowd and bug bounty programs offered by individual companies?
  2. Is it worth it to participate in programs that reward vulnerabilities with swag? Why or why not?
  3. What's a private bug bounty program?
  4. What are some resources you can use to find programs not covered in this chapter?
  5. What makes a site more or less attractive as a hunting ground for reward-eligible bugs?
  6. What is coordinated vulnerability disclosure?
  7. What steps can you take to minimize your legal liability during a pentesting session?