You are right, but that could (probably not) make them go for the bad route because they would get way more money that way. 4k for a bug that could take control of your customer account sounds disrespectful to me.

Yeah, my read is that the teenage hacker confronted with this ridiculous payslip sees two ways forward: accept the pay cut for the CV benefit of working with bug bounties, or get a bit better at hiding your ass and make them really pay.

If I were 16, I’d be thinking I just made an obscene amount of money ($4,000!) messing with computers for fun, and got to meet people at a famous company.

That’s a free car. Free computer. Uber eats for months.

And my status with my peers as a hacker would be cemented.

I get that bounty amounts are low vs SE salary, but that’s not at all how my 16yo self would see it.

When I was sixteen I was already familiar with the concept of leverage. I’m not sure if I’d have had the cajones to use it though.

Playing devils advocate but 4k is probably more money than most kids that age have seen in their life

> That's 1-2% of an annual SE salary for someone with similar skillset.

I agree $4,000 is way too low, but a $400k salary is really high, especially for security work.

> That's 1-2% of an annual SE salary for someone with similar skillset.

So commensurate for approximately 2 days of work, a little high for two hours of work, and a little low for 8 days of work.

And this will help them land that six figure job

I mean, as a hiring manager, a fresh grad with multiple bug bounties tells me a lot about their drive and skill, so I'd agree. It's a great differentiator.

market value is the same regardless, so this was pathetic