I signed up for the popular bounty program because I was looking at implementing it in a public institution, and I wanted to see what the experience for them would be like. The plan was to approach the platform about us opening it to regional colleges so that we could a) scale our threat hunting capability with locally grown talent b) create an incentive across the sector for patching, and c) create a talent funnel in the local region to get young people with tech skills interested in working in public service.
On the application I said my skills were a bit rusty because I hadn't done pro pentesting in about a decade, and the platform ignored it and wouldn't respond to followups. The institution has moved on to other priorities and the window to drive that change passed, but if there are any upstart platforms interested, a specialized version for regional public sector services that yields the outcomes above is still an opportunity. If the incumbent platform is starting to act like the incumbent, this may even be the bigger opportunity.
On the application I said my skills were a bit rusty because I hadn't done pro pentesting in about a decade, and the platform ignored it and wouldn't respond to followups. The institution has moved on to other priorities and the window to drive that change passed, but if there are any upstart platforms interested, a specialized version for regional public sector services that yields the outcomes above is still an opportunity. If the incumbent platform is starting to act like the incumbent, this may even be the bigger opportunity.