What makes a vulnerability saleable? Is this one not valuable because the government clients of someone like Memento Labs don't care about a MITM attack on desktop computers?
Generally the vulnerabilities you can sell for money are ones that somebody can easily use to make money, as part of an existing money-making scheme they have.
If the vuln can’t be used to make money, or the way it makes money requires that a criminal enterprise make up a whole new set of workflows, it’s not going to have much of a market.
If the vuln can’t be used to make money, or the way it makes money requires that a criminal enterprise make up a whole new set of workflows, it’s not going to have much of a market.