I have no idea. I don’t do them. I’ve read about them. They seem easy enough for someone with gobs of IT experience (like myself and others), but I have never done them. Definitely do not depend on them for your living. I think they should be extra income in addition to your reliable income.
Bug bounties are really just glorified QA testing. In fact, that’s all security really is, a very focused form of testing. That’s why they call it pen-testing.
Full disclosure, I’m making a cluster in my room to help automate the search for bug bounties, just a hobby.
Definitely learn to code. I’m sick and tired of hearing pentesters brag about never having to learn how to code as if that is something to flex on.