[webmaven]

> I don't think so. Those people get paid whether or not you focus their attention on a perimeter-exposed RCE bug.

Well, okay, but the opportunity cost (ie. the other valuable things they could be doing) is surely something that could have a $ value attached?

[lazyasciiart]

Sure. But if they drop it for this, it was less value than this - and you’ve saved them the time of testing less important things before narrowing in on this bug.