An international vulnerability purchase program would pay competitive prices for zero-day vulnerabilities. Cybercrime and cyber espionage result in hundreds of billions of dollars in losses each year globally, NSS Labs says. 80 percent of vulnerabilities today are reported to software vendors for free by security experts. The remaining vulnerabilities are purchased by vendors or end up on the black market, where cybercriminals can easily buy them. A global bug bounty program already exists, “it’s just run by the black hats,” co-author of the report says.”]