Reports this week suggest that vulnerability information is being sold on eBay.

Not only is this a bad thing in terms of access to vulnerability information by undesirables, but it indicates a flaw in the system. Somewhere, the incentives for doing the right thing are just not there. The report does not state clearly what is being sold - it may be a vulnerability report, or, worse a full exploit. Going from one to the other requires some time and skill, if ready-to-go exploits were available cheaply, I would expect infection rates to rise.

The original report is available at Techdirt.