There's also the difficulty of what counts as 'a zero day' for purchasing purposes. An unpatched exploit in any software? Do I need X thousand installs? Are just five enough, if they are paying a lot for it? How do we tally users of other things that are indirectly related to the issue?
People buying them to weaponize them have a fairly straightforward set of incentives (which may vary depending on what they are looking to access, whether they are after money or information, and so on). People looking to buy them for disclosure don't get the same, because virtually any exploit on the market is theoretically within that goal; but actually establishing the value of a specific one is harder unless you go down the troublesome road of defining your priorities (in terms of what systems, users, and activities you consider more or less high priority when assigning a value to exploits that would affect them).
If you are selling dangerous ones, to be used, you'll have some trouble getting repeat customers if your stuff is nonsense or works on things that aren't worth attacking. If you are selling to someone with a 'buy up the exploits' mandate you potentially have much more flexibility to haggle over stuff your more dangerous buyers aren't interested in. In the same vein, various vendors, users, and organizations would be inclined to try to lobby their way up the priority list in order to score an outside QA team.
There are likely some unambiguous cases; but telling the spooks 'do what you think best' is obviously a terrible plan, while trying to codify a reliable and unambiguous set of criteria to be followed seems quite difficult and prone to influence.