Red team training, developing countermeasures and signatures, researching attack heuristics, and if "counter hacking" will ever be legalized (which there is some push to do so) then in the same manner as owning a gun legally shooting back.
Also FYI probably the first large scale broker of exploits was TippingPoint/HP (i don't remember if this thing started before or after HP acquired TippingPoint), they would buy exploits develop signatures for their IPS products then notify the vendors of the affected products and later disclose the vulnerability to the public.
http://www.zerodayinitiative.com
