Super interesting way to look at it! Though I think you could make the argument that they're also more expensive because their potential impact is so much huger because of the size of the user base? i.e. maybe noone cares about Firefox vulns because if you land one you're only going to hit some tiny percentage of users.