Yep. Some are white hats hoping to either make money or reputation by discovering flaws. Don't think that these flaws don't get discovered; sometimes pentest experts discover flaws and keep them in their arsenal for a particularly difficult assessment. Other times, it's a blackhat who discovers them and sells them in the underground world. If you want to experience a jolt, visit www.exploitdb.com and search for vulnerabilities in your favorite software. And be sure that for every exploit listed, there are a few that are kept hush hush.