Measuring the severity of the problem is difficult because of the lucrative black market in zero-day exploits. A handful of boutique exploit providers—Endgame Systems, Exodus Intelligence, Netragard, ReVuln and VUPEN—control the market, and buyers, according to Stefan Frei of NSS Labs, pay on average $40,000 to $160,000 for an exploit (depending on the software affected and the reach of the zero-day offers).

The Economist - J.M.P. March 28, 2014