by LockAndLol 2010 days ago
So, what is your proposed solution for people who find security vulnerabilities in systems? Keep in mind these vulns are worth money in the black market.
2 comments

If the gov't stops prosecuting the security experts for selling the vulnerability on the black market (but instead, only prosecutes those who use it for illegal purposes), then the security expert can find out the true value of a vulnerability.

This makes the company with said vulnerability pay the true price for it - maybe even just purchase it on the black market and outbid the "bad guys". Or pay someone to fix it ASAP before it's sold.

I suspect that decent bug bounties, and therefore engendering more competition between white hat and black hat activities, is probably the best way to go.