Comment by ajross

12 hours ago

Bug bounties don't reflect the market impact of the vulnerability though, just the amount needed to incentivize white hats to do research they wouldn't otherwise (or that they would target to other platforms that pay higher bounties). You need to look at market prices for zero days on the black market to get closer.

Bug bounties reflect what companies are willing to pay to find bugs. Mythos would have to be more expensive than that (probably considerably so) to not be worth its cost. If you are saying that finding bugs has significantly more value than reflected by bug bounties, then that strengthens my point.