> There's an entire industry now of people that check known vulnerabilities (so they don't invent anything themselves) in software/packages and cross check this against outdated websites, at a very large scale.

If it's easy, then more the danger, and more the reason to pay the white hats instead of getting robbed by black hats?