How about...
Instead of... "offer to pay a bug bounty equivalent to TEN times the price companies are willing to pay for the security flaws, and then make them public after a patch has been developed."
...how about, make them automatically public one month after the purchase, to make damn sure that a patch gets developed in the mean time!
I know ... I'll get my coat.