What's valuable is fixing security issues. So if you "hack" some system and then provide either patches or useful guidance on how to eliminate a vulnerability that is helpful. By contrast, if a security issue is already known/is being addressed, exploiting that vulnerability just causes problems and wastes people's time.