"If looking for security vulnerabilities is your shtick, go around Twitter and look for reputable projects, read their source code (99% are open-source), and go look for vulnerabilities. A lot of them pay handsomely especially if you actually found a critical vulnerability."

Yes, this is more along the lines of what I'm looking to do; I understand it's very competitive - I guess my follow-up question would be some good tutorials explaining spotting vulnerabilities, how to find them any other useful resources.