Hopefully the result of this revealed information will encourage companies to raise the prices they offer for reporting/fixing security critical updates. It's a shame that the legitimate route pays 1/10th to 1/25th of the alternative. Particularly since the illegitimate route is basically selling coding services to a government agency in a lot of cases (albeit closer to cracker than hacker), which some people do anyways as a part of their normal coding jobs.