>There are companies that spend hundreds of millions of dollars per year and have thousands of people in their infosec program that don’t have bug bounty programs.

Such as?