There are various approaches to bounty hunting, and auditing in general.

In this post I’ll explore a bounty hunting strategy that uses static analysis to quickly scan multiple projects for indicators. You then review each finding manually to see whether it points to a vulnerability.