Had to brag a little, because I’m a bit pleased with myself. The first ever “Hack the Pentagon” bug bounty program kicked off mid-April (the 18th?). I submitted several flaws within the first 24 hours after feeling I had fished out the easy shit.
At the time of the screenshot, I have 8 verified bugs. You don’t want to know how many duplicates I had (sigh). Despite this being an ‘invite-only’ private bounty program, there was a lot of media hype and a lot of participation. The scope was slammed within the first hour.
This is my major ‘gripe’ about bounty programs. The competition is ridiculous. The first few days are where the real meat will be found, and the majority of findings are within the first few hours. This means that whoever sees the program go live has the best chance.
These programs lack an overall structure that makes it REALLY hard to compete through programs like HackerOne and Bugcrowd.
I’ll stop whining now. My goal with the program was to hit the top 10. Didn’t think I would, but… I’m happy to have been wrong!!!!