I believe they provide a good and decentralized means to vouch for features in Free Software projects. It's a directed form of donation that doesn't rely on reputation or other distractions to function, as many would be wary of simply giving money to a random individual, simply because only the end functionality of the request matters.
I see this reason as largely enough on its own to support the general idea, but wonder what any of you have to add to it. It brings a new meaning to the phrase Console Cowboy.
Have you ever participated in a bounty program? If so, was it worth your time and effort? Would you do it again? Have you ever started a bounty request yourself? What's your opinion on the structured platforms for bug bounties?
I think it is a pretty good concept, mostly because finding exploits used to mean either they thanked you or they threatened you. Now, they realize money is the best incentive and that bugs should be found, not ignored and buried.
As for the actual bounties, I think app exploits are a better avenue than web exploits. There is a large group of people who know web exploits, and usually it is very hard to point out a bug several other people haven't already found. But regardless of whether you find anything or not, it still is a pretty fun thing to do in your spare time.