We had our first bounty paid yesterday, and it has already been fixed.
I believe the program has the potential to function effectively as a security initiative, and it can benefit from contributions since it is open-source. I am in contact with Shielded Labs, but I have not yet received a response from ZF or ZODL. However, I think Jason can share our ideas with them.