u/eyelicker_mm_yummers

How much of this job is gaslighting?

I am a beginner by the way, i'm a first year computer engineer student and started 5 months ago, finally making good bucks. i've found a handful of highs only so far.

The thing about reporting on hackerone (ig any other platform) is how much the report itself matters... it's almost as if i'm some sort of vendor trying to sell my findings.

Also i had the honour last week to visit a friend of mine, expert hunter i'd say. he showed me his reports, and in between the bigger bags, i noticed lots of low level bugs going from 20 euros to 150 or something. He was kind enough to let me read those, although he was understandably confused as to why i was more interested in his low levels rather than the critical ones.
I just saw dumb path disclosures, server banner reveals, some security header shenanigans, and a few self xss here and there. What struck me was his ability to formulate his findings, looking like prime saul goodman.

When i see a low level vulnerability, i ignore it cause i just think "who cares this is useless" when in reality i should've been making a powerpoint presentation about it with cool transition effects!!!

Anyway i'm not trying to demean my friend, his ceiling is so high and he's really talented and i doubt i'll ever reach his level. nor am i trying to demean any of the big dogs here

i guess i don't understand reporting bruh. Maybe i should read about cases where low level bugs were the bottom bricks of a jenga tower... anyway, peace and blessings chat

u/eyelicker_mm_yummers — 24 hours ago