Hacker News: bashwizard's comments

Like people have said already: Certificate Transparency logs.

There are countless tools to use for subdomain enumeration. I personally use subfinder or amass when doing recon on bug bounty targets.


> It's because the phone's CPU isn't keeping up.

That's bs. You will immediately notice the difference when going from, let's say, 120 Hz down to 60 Hz on a fast gaming PC, even if you're just dragging windows around. Everything feels jarring, to say the least, compared to higher refresh rates, and it has absolutely nothing to do with the CPU. It's because of the refresh rate.

It's the same thing going from 120 Hz to 60 Hz on a phone while scrolling and swiping.

It's quite interesting, though, that there are people out there who won't notice the huge difference. But hey, at least they don't have to pay a premium for the increased performance of the screen.


And then there's common sense. Something most people seem to lack.


r/USDefaultism


Wow thanks for this


I know many people making a very good living from bounties (>$500k/year). If you're good, you'll make bank. If not - don't quit your day job.


This sounds like they are a known figure in the project and are offered consultancy jobs. When I had a company that is what I did when I needed something fixed. It was not cheap either. The point being yes it is possible but it is not a bounty board like in the city town hall.

Anyway, I find it a bit weird the topic is asked at all. Why didn't the OP just cold contact committers?


Can you elaborate? Who are these people? What kind of bounties do these people go after? Do they work on lots of small bounties or focus on a few big bounties? Do you personally know these people or are you just talking about the security researchers who discovered high impact issues in iOS?


I know some of them in person as I'm involved in the bug bounty scene myself. What they work on varies depending on skill set and interest. I do not personally know any security researchers with high impact vulnerabilities in iOS, but those people get paid millions and you'll never hear about them.

What I do know is that they tend to sell their exploits through exploit brokers like Zerodium.


Are you talking about fixing known bugs, or a "security bug bounty" where they are paid to report unknown security issues?


Security related vulnerabilities.


That's very different from what the OP question is about. Both are called "bounties" though.

One is getting paid to write code that fixes bugs or adds functionality to open source projects. (Pays very little, and we suspect nobody makes a living from it.)

The other is doing security research and reporting on vulnerabilities. Here typically no fix is provided. You are paid for the discovery. Plenty of good researchers make a living on these security bounties.


How is it possible to make that much though? Is it like a private bounty board or something?


Big money like that is only made one way, security vulns in "software or hardware of interest", sold via brokers to 3 letter agencies (or much less scrupulous actors from time to time).


I have a few thousand streams per month and I make pennies from it. It's not like I care about being demonetized on Spotify and losing a few pennies.


It's almost as if hypergamy is real. Shocking.


I used to play professionally during 2003-2007 until all the poker coaching sites started popping up everywhere. The money was indeed crazy and I was making roughly $400k/year at NL1000 back then. Eventually my winrate started dropping along with all the fish leaving the game and the whole boom died out. I did a year coaching but later decided to leave poker for good.

Good times though and kind of surreal for a 20 something year old dude.


And then you switch to security from being a developer and the imposter syndrome hits you in the face like a truck and you'll realize how easy it was being a developer.


As a person who recently did this, I am greatly interested in hearing more on this subject from you (or anyone else).


I agree. After B.P. Empire they pretty much died to me; I don't think I've liked a single track by them after that album.

