I find Bug Bounty Programs quite an interesting process.
Imagine having a bank/supermarket and telling people to test the security by attempting to rob it and report back.
Banks do actually do that—at least some of them. Sneakers’ portrayal is a bit overdramatic, but that concept is very real. But you have some very specific contracts in place when you do that stuff.
That’s cool! I didn’t know that :D
Although while on bug bounty you should not attempt to actually rob the bank, but maybe finds way to rob and report the plans that might actually work. If possible you should build your own bank from the plan of your target and try to rob your own banks before reporting back to the actual bank. Bug bounties program are not free pass to run actual exploit against a system.