The tweet suggests that most bug bounty hunters are not willing to pay for a complete WAF bypass, only for impactful vulnerabilities. This behavior may be driven by the hunters' focus on finding high impact vulnerabilities and their reluctance to share detailed information about bypass techniques. It reflects the importance of prioritizing critical vulnerabilities in WAF assessments and the challenges in sharing knowledge within the bug bounty community.
For more insights, check out the original tweet here: https://twitter.com/irsdl/status/1784847263782580650