Sure there is no perfect solution here. I guess it’s a good idea to only pentest companies that do have a bug bounty program and an expressed interest in you pentesting.

While I enjoyed the article that GP referenced and agreed with most thing I thought the “hacking bad” take was a bit off.