A few answers to your questions
The disclosure policy by each company specifies the guidelines that you have to follow and abide by if you’re participating in the program. The vulnerabilities that you identifying will be sensitive and organizations expect responsible handling of those vulnerabilities and not disclosing it in public. The policy takes care of these.
You have to report the bugs as per the format and disclosure policy specified the each organization
The vulnerabilities reported by you will be verified and acknowledged by the security team of the organization. Once they fix the vulnerability you will be compensated with the appropriate rewards
SafeHats VRP is open to individuals as of now. Keep checking this space to check the updates.
You can submit your profile by signing up for SafeHats program. We’ll reach out to verify your profile. Once you are successfully onboard, you will start to receive invitations for VRP program which matches your profile.