These kind of deals are making a very robust (white hat) hacker community somewhat wealthy. It is sort of a bounty program for vulnerabilities. It has a varied success track record, some times it has been more a extortion deal. If you don't pay me I will either sit on the vulnerability till someone exploits it, or expose it to the hacker world. Tough call for a business to make.
from CTI Consulting http://ift.tt/1LlWwzJ