Comment by Uptrenda

Yep, I came to the same conclusion. The payments from bug bounties and the uncertainty of payment just isn't worth it. It's like taking a fixed prize contract and adding in a gambling element to get paid. Fixed prized I learned was bad enough if you want to make anything as a software engineer. This is even worse though.

I mean, the technical skills in the article here are basic. But the first finding was significantly good luck, and having the background to know to look towards old Google services for the ID to email part was non-obvious. You would need a lot of high-quality, guiding knowledge like that to make bug bounties work. Still, seems like a very high starting cost.