msm1267 writes: There are a lot of echoes of the disclosure debate in the current discussions about vulnerability exploit sales. The commercial exploit market has developed relatively quickly, at least the public portion of it. Researchers have been selling vulnerabilities to a variety of buyers–government agencies, contractors, other researchers and third-party brokers–for years. But it was done mostly under cover of darkness. Now, although the transactions themselves are still private, the fact that they’re happening, and who’s buying (and in some cases, selling) is out in the open. As with the disclosure debate, there are intelligent people lining up on both sides of the aisle and the discussion is generating an unprecedented level of malice.