This weekend, a security consultant detailed what he believed were serious vulnerabilities in Uber's software - and his disbelief that the company's bug bounty program refused to pay him for his research. Unfortunately, it's a story without heroes.