Is ROI the right method to measure bug bounty value? Check out the cost-benefit analysis of ROI vs. ROM.