Parity appears to have a bug bounty program, but the bounty is only $100. Given that they've now had two bugs that caused 9-figure losses in the past year, this is clearly too low. They need real auditing, and they need to pay the market price for real auditing.
You are right, but unfortunately, the de-facto bug bounty for unethical hackers is way beyond anything that could be offered to well-intentioned researchers. This makes your suggestion of professional auditing the highest priority.
bug bounties don't compete with crime. crime always will pay more.
bug bounties compete among themselves. Honest researchers will be busy finding some mobile game bugs for $700 a pop or improving security at google or yahoo for up to $10k instead of helping your company save from a 9 figure bug because you only offer $100
I wondered why you didn't mention the maximum, and after checking their website found no other figures besides the $100 minimum.
They do state "Rewards over the minimum are at our discretion, but we will pay significantly more for particularly serious issues, i.e. that the identified issue could put a significant number of users at risk of severe damage, monetary or otherwise."
What they consider significant is anyone's guess. Given the stakes, even a 10000% increase would still be underwhelming for a high impact bug.
Being coy about what they will pay is not going to have the desired effect of attracting bug hunters - it's kind of like Dr. Strangelove: "The whole point of the doomsday machine is lost...if you keep it a secret!"