Why would you try to find vulnerabilities and exploits on a domain without having explicit authorization instead of going through a bug bounty program?

I've seen a couple of posts recently talking about vulnerabilities they found on a website they didn't have authorization to pentest and wondering what they should do with this information.

I think this is kinda problematic since asking for compensation in exchange for the solution is considered extortion.

Could there be any advantages to doing it this way instead of a bug bounty program? For example, a bigger reward?

submitted by /u/Chrizis

from hacking: security in practice https://ift.tt/Q3Zwaq4
