This is a crazy argument. HN is a community populated in large part by software developers, most of whom will at many different times in their careers ship vulnerable code they wrote. You're saying that if you start a new company, you should either (a) get your code absolutely perfect, which nobody ever manages to do, including people who go to great expense to try, or (b) be held hostage by extortion schemes to pay greater sums for vulnerabilities lest the discoverers exploit them to cause the most possible damage to your company.
You know who does fine in a world where that's the norm? Facebook. No matter what vulnerabilities get valued at, they will be a rounding-error expense to Facebook.
You know who does not do fine in that world? Anyone smaller than Facebook.
Thankfully, that's not the norm in the real world. Unfortunately, the real norm is: if you pay a bounty at all, random people on Twitter and message boards will claim you're being negligent by not paying more for them. The lesson then is: don't offer a bug bounty. All you're doing is attracting negative attention.
You know who does fine in the real world where that's the norm? Apple and Cisco. Really, so does Facebook, despite the bullshit flak they take for their bounties.
You know who does not do fine in the real world? End-users.