This is true because you heard it's true, or because you know it's true? Raytheon definitely has a lot of people on staff who are at least peripherally involved in vuln dev. That's not the same thing as having a staff full of exploit developers. You get peripheral involvement in vuln dev just by doing malware reversing, which is pretty low on the food chain, and something the government definitely (firsthand) spends money on.
I can also confirm that Raytheon is building up this capability (although less so than Northrop and Lockheed).
If you're curious what companies are actually committing to vulnerability dev you can search any cleared jobs site for "offensive"; the companies that have listings are who you'd imagine them to be (minus a couple placement firms that just put people right at the Fort).
At least three different people I know are significantly involved in that area. You probably know some of them too. I detest them for the ethics of it, and keep my distance as a result, but there's no question what they do and where the money comes from.
