Microsoft's bug bounty turns 10. Are these kinds of rewards making code more secure?