The bug bounty policy is a good idea to inform companies of bugs that are within their system. This can result in a more secure system and network and allow for companies to find security in knowing that it is less likely an attack will occur. It is weird to think that some disciplines do not receive as many bug reports as others. Vulnerabilities are always there and it is just a matter of time that some type of hacker finds it and exploits it. However, since finance, retail, and healthcare are one of the most targeted areas, it is more expected that bugs should not appear when doing a report of the system.