Almost all OOS issues in bug bounty are in scope in pentesting.
1/n
Why would I want then to spend my time working for free and be one of the thousands of others looking at the same specific assets? Unless you're in the top 5%
2/n
Why would I want to be at the mercy of the mood of a triager who can decide that a critical is informative?
3/n
Why would I want to spend days or weeks to find a critical, which often pays a fraction of the cost of a pentest?
4/n
It's obvious, I'd want to do that only for fun, after work and after taking care of the rest of the aspects of my life
5/n