Before I founded HackerOne, I used to be a penetration tester. One of the reasons we started the company to begin with was that we believed we needed a scalable model that would apply to every organization on this planet, and that would also be affordable for everybody on this planet. As you pointed out, penetration testing, our consultancy, has been very expensive.
We believe that the more the company has to protect, the more they need security. Because of that, everybody on this planet should be able start their own vulnerability disclosure program. At HackerOne we have offerings that are free for open-sourced and community organizations. We have help or products available for people to establish that process for their organization, even without any incentives on the platform itself. By that, we believe we will enable every organization on this planet to improve their defences against a data breach.