How do you measure Android and iOS bug bounty programs’ effectiveness. Where is the objective measure of that. When and where was the standard established. What is the cutoff line at which an open source project becomes reliable. How do you know that the servers and the libraries that are using, have enough security.

As you see above, without any objective basis and measure, the propositions in your article do not hold.