Nine Years in Bug Bounties | A True Hacker Story

SAFE😵
Jun 27, 2023


Happy Eid Adha Mubarak!

Hi folks,

In this story, I am speaking as me, Seif, as it is a true story between me and the bug bounties. My main goal here is to answer this question: Why should I continue, or not continue, doing bug bounty?

It has been months since I found my last security bug in Facebook’s bug bounty program; they rewarded me a lesser amount than they were supposed to according to their policy, and since then, I have been messaging them in the ticket daily, weekly, and monthly, without any replies from them till this moment.

It feels miserable when I get no responses for such a long time. I start thinking that they will never reply. What makes it worse is this pain in the chest that I feel for not finding vulnerabilities for such a long time. I wish that I could just punch my laptop and quit.

There is no longer anything to motivate me to do this anymore, and I was only passionate at first. Now there is neither motivation nor passion for hacking. Well, it has been nine years, and indeed, this is not the first time I have been in this situation. And I have already figured out a solution for this. But before diving into the solution, I need to answer one question.

Why should I continue doing bug bounty?

I am doing bug bounty because it is the best thing to be done right now.

Alright, but I have not made much money from this for the last few months, and it makes me more depressed over time. Why do I continue doing it?

Because I am not doing it for money.

Listen, money is not always a good thing, and what I believe is that my God does not allow me to acquire a lot of money right now for my own good. As I have nine years of experience and am always trying to mimic my idol hackers, I am assured that I don’t have the type of lack of experience that stops me from finding vulnerabilities for such a long time. So all I need to do right now is to not stop doing bug bounty and to keep developing in different ways.

I am certain that my God can give me a heck of a lot of money, but it might cause me problems instead of good. E.g., in my master’s degree when I needed money, I found more bugs than usual, which helped me in paying for my education and living expenses. If my father was still alive, I might not have found those bugs, as my father would pay for me instead.

So, there is a better reward for me for continuing to do my job for and from my God, and it is not just money. There is good health, family, happiness, and friends, and there are the ultimate rewards in the afterlife.

As a God believer, it is normal to be tested on my beliefs.

Well, will I do bug bounty in the future?

I do love hacking; if hacking was a person, I would marry her. But as I have said before, it is the best thing to do right now. If there is something that I believe is more important than bug bounty, like studying for school, it will take priority.

Finally, “time buckets” (as I call them). The time buckets are three hours that are only for work (or priorities). If the priority is bug bounty, I will do bug bounty; if it is studying, I will study. Usually I split them to multitask, e.g., half the time for hacking and the other half for studying, and for the rest of the day it is optional to study more or to hack more.

It is like the gasoline that I need to put in the air before the fire of motivation comes in to blow up the whole place.

I have tried the one-bug-every-day approach, but I only got to hack weak targets that are not paying well. I have tried other approaches too, but it seems that hacking for a fixed amount of time every day works best, as it is not engaged with any emotions.

Even if it takes me decades of walking, one day I will certainly arrive as my God will choose the best of all for me.

Thank you for reading. Please share your experience and opinion in the comments so that I and we can learn from them, and follow me on Medium and Twitter at 0x21SAFE for future stories!


Written by SAFE😵

Sharing cyber security knowledge through fictional stories. Security Researcher and Bug Bounty Hunter. Twitter: https://twitter.com/0x21SAFE
