Which companies facilitate payment in return for vulnerability disclosure?

In the 'white' sense, the most well-known companies that pay researchers to buy vulnerabilities or exploits are:

  • Zero Day Initiative (ZDI) by TippingPoint: http://www.zerodayinitiative.com/
  • iDefense http://labs.idefense.com/vcp/
  • iSight https://gvp.isightpartners.com
  • SecuriTeam http://www.beyondsecurity.com/ssd.html
  • Netragard http://snosoft.blogspot.com/2010/03/recent-news-on-forbes-about-our-exploit.html
  • Several exploit research companies like COSEINC and Immunity also buy from researchers, although it's not advertised very much.

Certain companies like Mozilla and Google have established bug bounty programs - they buy vulnerabilities of their software themselves.

Charlie Miller (famous exploit developer) has written a small paper on the topic - it's an interesting read: The Legitimate Vulnerability Market: The Secretive World of 0-Day Exploit Sales (2007)


The bug bounty programs and competitions like pwn2own come to mind.

This would not be an exhaustive list, but large companies that offer bug bounties include:

  • Google: http://blog.chromium.org/2010/01/encouraging-more-chromium-security.html
  • Mozilla: https://www.mozilla.org/security/bug-bounty.html
  • Facebook: https://www.facebook.com/security?v=app_6009294086

Microsoft is a notable exception.

You could also get a research grant from universities and the government.


I'd say it has a lot to do with the order of operations:

Extortion:

  • find vulnerability
  • contact company and demand payment

Tiger Team:

  • contact company and negotiate contract
  • find vulnerabilities

Unless there's a bug-finding program set up already, attempting to find vulnerabilities and hacking look pretty much the same without a pre-existing contract.

I know a few independent/small company consultants who manage to make a living working as a tiger team for companies. I'd say the hardest part is getting the reputation, so you can make a case to the company that you should be the person they pay for this work.