The reality is that most people's thoughts on bug bounties are from salacious headlines talking about those $1M vulnerabilities. In reality the average bug bounty submission is a machine translated report for a low severity issue in a web app that may or may not even exist (or be a vulnerability), sprayed at hundreds of companies (or the same company a hundred times) in the hopes of earning $500 to basically do currency manipulation.