Bug-bounty programs can sometimes say as much about an organization's willingness to work with external security researchers to identify and fix security vulnerabilities in their products as it does ...