ROI for Bounties for Discovery of Application Vulnerabilities Appears Too Compelling to Ignore