I work for a startup. Not one of those few heavily-funded startups, but a regular startup with barely enough funding to scrape by in the first few years. Like most startups.
$150,000 is just ever so slightly more than two-tenths of one percent of my startup's annual revenue.
Asking an average startup to pay $150,000 for a security bug is like asking security researchers to work for $0.10 an hour.