Here’s a thought: pay security researchers, and get the pay from a variety of sources:

According to Herman Zampariolo, CEO of WSLabi, We decided to set up this portal for selling security research because although there are many researchers out there who discover vulnerabilities very few of them are able or willing to report it to the right people due to the fear of being exploited. Recently it was reported that although researchers had analyzed a little more than 7,000 publicly disclosed vulnerabilities last year, the number of new vulnerabilities found in code could be as high as 139,362 per year. Our intention is that the marketplace facility on WSLabi will enable security researchers to get a fair price for their findings and ensure that they will no longer be forced to give them away for free or sell them to cyber-criminals.

— Finally a Marketplace Site for Security Research, WabiSabiLabi, Tuesday, 03 July 2007

It’s not clear to me that they would be "forced" to sell them to cyber-criminals, but this should give them incentive not to. And WSLabi first verifies who the researcher is and replicates the exploit independently before packing and marketing it, thus reducing chances of fraud or mistaken identification.