What are the downsides to participating in a bug bounty program (if any)?
Senior Director Of Technology in Software, 3 years ago
I don't see any downside if it's handled in a streamlined fashion. There should be closed communication between someone who has identified a bug and the team which is fixing it.
For companies or individuals?
The downside for companies:
1. Increased Security Risk: Participating in a bug bounty program may increase the security risk for a company, as it allows outside researchers to identify potential vulnerabilities in their systems.
2. Cost: Participating in a bug bounty program can be expensive as companies have to pay bug bounty hunters for valid reports.
3. Legal Complications: Companies may face legal complications if they are found to be in violation of any laws or regulations related to their bug bounty programs.
4. Reputational Damage: Companies may suffer reputational damage if a bug bounty hunter publicly discloses a vulnerability before it is fixed.
The downside for individuals:
The downside for individuals participating in a bug bounty program is that it can be very time-consuming and the rewards are not always guaranteed. Additionally, depending on the program, individuals may have to sign a confidentiality agreement with the company they are doing the work for, which could limit the individual's ability to share their findings with the public. Finally, there is always the risk of not finding any bugs at all, which can be a waste of time.