Gunther,
The bugs I am referring to are not necessarily security exploits, but are mostly pinned-down functionality related issues.
Occasionally, I end-up spending an ungodly amount of time fighting issues that are undocumented bugs.
When contacting TAC with my findings, sometimes long and arduous verification and replication of the issues takes place.
When the findings are confirmed to be a bug with no existing SK, and you are told that it will be remedied in the next version or if it results in CP pulling their AMI from AWS from instance, I suppose it qualifies for the bounty.
I do not seek those on purpose, but am stumbling on them frequently enough in the course of my normal work.
When it is costing me in terms of non-billable time, it bugs me (pun intended).