Except you can't give security vulnerability details to everybody until you have a patch ready (and I certainly wouldn't argue that you should allow paying for earlier access to the patch). On the other hand, when you have a business relationship with somebody, with non-disclosure agreements in place, you can tell them more details much earlier.
Yes it is. If you disclose early to a select group, you are by definition delaying details to everyone else.
The paid early disclosure stuff used to exist all over the place, and it was a joke in terms of it being immediately leaked to those in the know.
reply