- looking mostly for common-ish vulns
- not competing with others
- incentivized for count
- payment guaranteed and quality check based on approximation
Crowdsourced:
- looking for vulns that aren’t as easy to find
- racing vs. time
- competitive vs. others
- incentivized to find unique bugs
- payment based on impact not number of findings
- 1st party bug bounties = programs run by the company itself (Google, PayPal, etc.)
- 2nd party bug bounties = programs run through a platform (Bugcrowd, H1/HackerOne, Synack, etc.)
Because competition is introduced, when working a bug bounty it is essential to have report templates set up for the classes of vulnerabilities you find most often. Custom vulnerabilities will always need custom writeups, but having a template for the ones that come up repeatedly saves time on every submission. Protip: always change the URLs and domains in the template before you submit. Nothing gets a bug invalidated faster than a report that names the wrong domain or URLs.
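One way to make the "wrong domain in a copied template" mistake impossible is to render the template programmatically and refuse to emit a report that still contains a placeholder or a URL outside the program's scope. The following is an added example, not part of the original notes or any platform's tooling; the template text, the scope list and the finding data are constructed for illustration.

```python
"""Render a bug-bounty report template and refuse to emit it if any URL
points outside the program's scope or any placeholder is left unfilled.
Added example; template, scope and finding values are constructed."""
import re
from string import Template
from urllib.parse import urlparse

# Constructed template for a frequently reported class (reflected XSS).
# ${...} placeholders are filled per finding; anything left unfilled is a defect.
XSS_TEMPLATE = Template("""\
# Reflected XSS in ${endpoint}

**Target:** ${target}
**Severity:** ${severity}

## Steps to reproduce
1. Visit ${poc_url}
2. Observe the injected payload executing in the page context.

## Impact
${impact}
""")

PLACEHOLDER_RE = re.compile(r"\$\{[a-zA-Z_]\w*\}")
URL_RE = re.compile(r"https?://[^\s)\]>\"']+")


def host_in_scope(host: str, scope: set[str]) -> bool:
    """True if host equals a scope entry or is a subdomain of a '*.'-prefixed entry."""
    host = host.lower()
    for entry in scope:
        entry = entry.lower()
        if entry.startswith("*."):
            base = entry[2:]
            if host == base or host.endswith("." + base):
                return True
        elif host == entry:
            return True
    return False


def check_report(text: str, scope: set[str]) -> list[str]:
    """Return the problems found: unfilled placeholders and out-of-scope URLs."""
    problems = [f"unfilled placeholder {m}" for m in PLACEHOLDER_RE.findall(text)]
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname or ""
        if not host_in_scope(host, scope):
            problems.append(f"out-of-scope URL {url}")
    return problems


def render_report(template: Template, fields: dict, scope: set[str]) -> str:
    """Render the template, then validate; raise rather than produce a report
    that a triager would invalidate."""
    # safe_substitute leaves unknown ${...} in place so check_report can catch them
    text = template.safe_substitute(fields)
    problems = check_report(text, scope)
    if problems:
        raise ValueError("; ".join(problems))
    return text


if __name__ == "__main__":
    # Constructed program scope and finding for a hypothetical target.
    scope = {"*.example.com"}
    finding = {
        "endpoint": "/search",
        "target": "app.example.com",
        "severity": "Medium",
        "poc_url": "https://app.example.com/search?q=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E",
        "impact": "Session token exfiltration via script execution in the victim's origin.",
    }
    print(render_report(XSS_TEMPLATE, finding, scope))
    # Same finding with a poc_url copied from a previous program: rejected.
    stale = dict(finding, poc_url="https://app.example.org/search?q=x")
    try:
        render_report(XSS_TEMPLATE, stale, scope)
    except ValueError as err:
        print("rejected:", err)
```

Keeping the scope list per program and running every rendered report through `check_report` before submission catches both a stale domain carried over from another engagement and a placeholder you forgot to fill.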
When designing these templates there are two really great resources to read: