Great finds. I always wondered how "White hat" hackers didn't land themselves in legal trouble while probing and toying around with systems like this. How do you ensure you won't be tracked down and legally charged?
Most of us get private invites by the companies themselves or there are already open public bug bounty programs on HackerOne, Bugcrowd, Intigriti etc for anyone to try to hack them within confined scopes.
There are a lot of money to be made if you're good, so there's the incentive as well.
I don't know about the auto industry but web apps post bug bounties on hackerone.
And Google's bounty program reward hackers who will find bugs in apps with over 100 million installs, or in google's open source apps. And they pay up to $30,000 per bug depending on impact.
