Ashley King writes about an experience with bug bounty:
“I was able to execute this at 3 different end points before we concluded the issue was primarily with the webview component rather than just the reported end points themselve. After going back and forth with the Facebook security team they quickly patched the issue and I was rewarded with $8500 under their Bug Bounty Program.”
Have you checked out the bug bounty opportunities? You don’t necessarily have to be a code wizard to try this; victory goes to the person who notices the right thing. Read the article linked above to see how Ashley did it.