
But someone isn't. That's the point. These bugs don't go for $10k on the black market.


Never mind the fact that it does matter to a lot of people whether they are committing a crime. Not everyone is a capitalist sociopath.

If someone without a conscience wanted to maximize their profit, they'd probably just sell to both sides.


That's odd considering the potential monetary damage of such bugs can far exceed $10k.


One can smash a car up with a sledgehammer. Is the value of a sledgehammer equal to the value of a car?


>Is the value of a sledgehammer equal to the value of a car?

My previous post was poorly worded; I didn't mean to imply equality.

To use your analogy, valuing a serious vulnerability on a platform that has 1.65B users in the $5-10k range is tantamount to selling a 30lb sledgehammer for a dollar.


But what if producing a sledgehammer only cost 50 cents? Then people would sell sledgehammers for a dollar or less.


Rather than torture this analogy further:

Obviously exploit pricing is generally efficient and adheres to free market principles. That said, it's hypothetically possible that an exploit against a large tech company could sell for far more if the circumstances are right, considering the price to damage ratio is so skewed in addition to the unique nature of each exploit.

Therefore, large tech companies don't really have much to lose by paying far more than they currently do on bounties.

Granted, eliminating what's largely a hypothetical edge case is not the primary benefit to paying higher; incentivizing far more white hat researchers is.


Stealing this.


Me too. It really gets straight to the point.


The problem with valuing bugs at their damage potential is that the total damage potential of all bugs in any given product is almost certainly magnitudes greater than the total value of the product itself.
