Why am I writing this?
It’s been 3 months (to be precise), I have been struggling to choose a bug bounty program for myself to stick on in the long run. It was getting harder for me to choose one program without thinking if this is the one I wanna hunt on. This made me procrastinate quite a bit, where I was trying to avoid the mental resistance of making a difficult choice and start hunting on a program, replacing that time with something (i.e. personal finance & investing) that would not have helped me necessarily in my career. This got me side tracked a bit and completely broke the momentum I had.
I have spent last 2 weeks refining my strategy by reading a few books, this post is one of that generalized methodology I worked on thinking about in last few weeks. The aim of this post is to help myself (and people who might be into similar situation) out of this struggle of choosing a program and simplify the process cross applying the principles I learnt in finance.
This was written for myself. You may or may not find this helpful, take what works for you and leave the rest.
Time Spent Bug Hunting (Aug 2024 to Nov 2024)
Time Spent Finance (Aug 2024 to Nov 2024)
The Root Cause Analysis of Why I’m struggling to choose a program:
- Why am I struggling to choose a program?
- Because I’m struggling to choose one (or a few) out of many:
- I know a lot of good program who pays well, respond well, will appreciate high quality reports - reddit, linkedin, etc. why am I not hunting on them?
- I have a lot of private program invites, I don’t know which one to hunt on.
- There are a lot of programs on platform and off platform, idk which one will be right.
- Why am I struggling to choose one
- From reliable programs list?
- Because I feel the FOMO (fear of missing out).
- Because I feel like I should pick the “perfect” program.
- Because I feel like the grass will be greener elsewhere.
- From all kinds of program overall?
- Because I feel I’ll waste time hunting on a wrong/bad program.
- Because I get overwhelmed/intimidated by the program even before starting.
- Why do I feel intimidated by a program?
- I feel like I should find a program that’ll be worthy of spending time on IMMEDIATELY.
<aside>
💡
Note: This analysis is tailored to my particular case. You should do your own analysis.
</aside>
Dealing with the feelings/emotional resistance
-
Why is it wrong to feel the FOMO?
- The truth you need to know is “you can’t do it all”, if you choose X - you need to let go of Y. You can’t do everything at all times.
- It’s normal to feel this way, all you need to do is to accept that you’ll feel this way.
- Additionally you can always switch to another program you wanna hunt on at any point in time.
- Solution:
- Decide on a realistic number of programs to hunt on at a time. Whatever amount you can handle. Experiment if you don’t know how many programs you can handle at a time.
- Switch program if you feel like it after spending 50 hrs on it and come back later on the primary program.
-
Why is it wrong to feel like “I should pick the perfect program”?
- Perfectionism or all-or-nothing thinking.
- Solution:
- You need to realize that even if a program doesn’t yield immediate results, it’s a success if you learn something new or practice a skill. You’ll see your results compounding over time coz you have earned experience, even if you didn’t earn bounties.
- Think long term, you are in the field forever - little time wasted now is a lot of time saved later.
- It’s okay to give up on a target after let’s say 75 to 100 hrs if you don’t see it yielding anything, neither in terms of experience or bounty.
-
Why is it wrong to feel like “the grass will be greener elsewhere”?
- There are no easy programs. If they were easy, everyone would have been hunting on it. Who doesn’t love easy money? And even if they exists, the likelihood of you finding it easily is not that easy.
- Solution:
- Define a criteria for a “good” program. For example, minimum medium bounty: 500$, response efficiency > 90%, etc. And choose any, doesn’t matter which one. The grass won’t be greener elsewhere - you have to make the best of what you got.
-
Why is it wrong to feel like “I’ll waste my time hunting on a wrong/bad program”?
- “wrong choice” doesn’t not equals “wasted time”.
- Solution:
- Treat each program as a learning opportunity. Even if it doesn’t yield bugs, you’re refining your skills and methodologies.
- Set a time-limited trial. Spend 50 hrs on the program and then evaluate if it still feels right to keep hunting on it.
-
Why is it wrong to feel overwhelmed/intimidated by the program even before starting?
- This happens coz you feel like you should find a worthy program immediately as if it’s all easy. If it takes time finding bugs, it’s also normal for you to take time finding a program.
- Solution:
- Don’t stress if you don’t find a worthy program immediately. It’s okay to switch program until you come across the one you feel like hacking on.
- Time spent looking for a program is not the time wasted, it’s the time invested.
-
Why is it wrong to feel as if I should find a program that’ll be worthy of spending time on immediately?
- It’s not easy, and it’s not supposed to be easy. Not all worthy things comes easy in life, you gotta spend time. It’s not the time wasted, it’s the time invested.
- Solution:
- It’s okay to not find programs immediately.
- It’s okay to spend a lot of time evaluating programs. Realize that it’s part of the process. Finding bugs on a program starts with finding a program first. Making a good choice in program may lead to making a good sum of money in bounties, if not that - you’ll still end up with good experience which will give you great results one day.
<aside>
💡
It’s more valuable wasting time by spending it on doing something (hunting on a wrong program, switching programs, etc), that doing nothing. You’ll gain nothing if you do nothing, you’ll atleast gain experience if you waste your time in the right direction.
</aside>