Bug Bounties Can't Beat "Market" Prices

Some software companies offer "bug bounties" to hackers and others in an attempt to close security holes in their products, in effect "farming out" the detective work to those wily rascals who might otherwise wreak havoc. It's a good idea, except that there is more cash - a lot more - changing hands for these exploits elsewhere. This is not even the black market; it is a sort of gray market where "middle men" can make quite a bit handling the transfer of information. The exploits do eventually get to the companies concerned - after a bit of a markup. How about $250,000 for an Apple iOS exploit?
