I honestly think this is what free market economics will get us, due to the high barriers to selling on the black market (ethically, legally, and logistically). The bug bounty targets with high payouts from the company line up roughly with the ones with high payouts on Zerodium etc.
As I stated elsewhere in the thread, I'm not honestly convinced the fallout from a company being breached is that high, which leads to the current pricing for bug bounties. Twitter stock is massively up from when their incident happened in July. We'll see what happens with SolarWinds.
> I'm not honestly convinced the fallout from a company being breached is that high
The market clearly doesn't care, and so neither do executives. What needs to happen is a household company gets exploited/hacked/pwned/whatever so hard that their entire business collapses, maybe not entirely but significantly. Then the market will price these breaches very differently.
Zerodium is one of several companies that buy exploits and sell them to governments. This route supposedly pays more than public bug bounties, but with different secrecy etc. requirements.