How the market for zero-day vulnerabilities works

Zero-days -- bugs that are unknown to both vendors and users -- are often weaponized by governments, criminals, and private arms dealers who sell to the highest bidders. The market for zero-days means that newly discovered bugs are liable to go unpatched until they are used in a high-profile cyberattack or independently discovered by researchers who'd rather keep their neighbors safe than make a profit. (more")