Except you can't give security vulnerability details to everybody until you have a patch ready (and I certainly wouldn't argue that you should allow paying for earlier access to the patch). On the other hand, when you have a business relationship with somebody, with non-disclosure agreements in place, you can tell them more details much earlier.