Well today I stumbled into this
http://www.zerodayinitiative.com" onclick="window.open(this.href);return false;
it s a company that buys 0days from hackers and security researchers and pay them money depending on the type of the vuln and the exploit but all this in a legal way