The US government asks not to use C/C++ due to memory vulnerabilities.


Re: The US government asks not to use C/C++ due to memory vulnerabilities.

Post by tj1010 »

If all companies moved to Rust tonight you'd still need bug bounty programs. Most companies hire people who can quickly produce algorithms or do mundane boilerplate code while communicating well within the company. They aren't hiring people who can spot an OOB write or UAF bug or never write one in the first place... IBM and Google are mild exceptions, and even there it's a handful of people tucked away in a separate space...

Also, Mozilla and Chromium devs have no interest in porting JIT engines to Rust, and this is what's mostly being attacked. The stuff you see in headlines doesn't even touch anything with ASLR, DEP, CET, MTE, or CFG. I think V8 has some form of pointer authentication, and that's about it... There will be at least five new JIT RCE or escalation bugs by the end of this business week, and some of them will be exploited in "the wild"... You'll find no mailing list discussions about porting to Rust or even adding something like MTE; just keep the fuzzers running and pay people peanuts for disclosures...