yaworsk

how many employees were hackers before joining the H1 team and how do they stop themselves from doing bounties at work?

I can attest that Web Hacking 101 is a great book. Also check out https://hackerone.com/blog/how-to-hunt-for-injection-vulnerabilities, https://www.facebook.com/notes/phwd/facebook-bug-bounties/707217202701640 and for shameless self promotion https://www.torontowebsitedeveloper.com/hacking-resources

Bingo :)

What happens if that program has outstanding, valid reports with hackers?

Are password managers the future? What about the recent compromises of their software (e.g., lastpass, 1password) - does that change anything or just come with the territory given perfect security is unattainable?