NSS Labs released a new study looking at the 0day vulnerability market. The research calculated how many exploits were purchased through the open iDefense Vulnerability Contributor Program (VCP) and HP TippingPoint’s Zero Day Initiative (ZDI). The two programs are widely known for purchasing zero-days, which attracts security researchers to provide exploits and allows them to make some money.
The report showed that it is very difficult for software developers to cope with security vulnerabilities. Despite security testing throughout the development lifecycle, products are often found to have critical vulnerabilities that are discovered only once the program has been released to customers.
As you can see in the chart, certain products show a jump in the number of vulnerabilities compared to the last 10 or 5 years. NSS Labs assumes that purchasing all exploits would cost companies less than the losses caused by cybercriminal activity, and is looking to collaborate with all companies in vulnerability research projects to improve overall product security.
You can find the report here: https://www.nsslabs.com/reports/ivpp