by lccarrasco 1711 days ago
People worried about the morality aspect could sell the exploit, donate the money and report the issue to the manufacturer anyways.
2 comments

I don't think Zerodium payouts are lump sum... I believe they are staggered in order to mitigate against this stuff.
So far as I know, essentially all grey market vulnerability sales are tranched, which is an important consideration when comparing bounty payouts to the grey market.
What makes you think the seller’s donation is going to counterbalance the harm of his now-weaponized exploit?
The report to the manufacturer with the remark that there is an existing weaponized exploit will lead to a much faster fix. And why are you so sure that there was no weaponized exploit out there before?
So you are okay with submitting the exploit on a silver platter to people who murder dissidents because “you can’t be so sure that there wasn’t an existing weaponized exploit”?