Looking at companies like Mozilla that are actively offering money for "critical" security bugs that meet a list of requirements, this is to be expected now. If they can do it, why not anyone else? I...