Desired Effect Launches First Vuln/Exploit Ethical Market - Brings Defenders to the Pre-Attack Buying Pool, Strips Attackers of Cheap Exploits and First-Mover Edge

Business Wire

23-04-2025

SAN FRANCISCO & BALTIMORE--(BUSINESS WIRE)-- Desired Effect, the first ethical market vulnerability management exchange that disrupts the cybercrime supply chain and offers pre-attack exploit intelligence, has launched the Desired Effect Marketplace, which lets organizations and independent researchers legitimately and legally transact for zero day exploits that impact any organization or business. The Desired Effect Marketplace gives defenders true, immediate, pre-attack zero day insight, offers independent researchers better compensation and recognition for their work, and drives up the cost of the adversary's critical tooling by breaking up their current monopoly on access to exploits.
We deliver disruptively superior intelligence feeds by getting closer to the source. We elicit/leverage cutting-edge research by providing a platform for researchers to ethically sell exploits to vetted buyers – stripping attackers of first-mover advantage
Share
Desired Effect is emerging from stealth for the RSA Conference 2025, and is now successfully analyzing content and processing transactions between independent researchers and early customers.
Desired Effect CEO and Founder Evan Dornbush, a former NSA cybersecurity professional and successful entrepreneur, said: 'We deliver disruptively superior intelligence feeds because we get closer to the source. We elicit and leverage cutting-edge research by providing a platform for researchers to ethically sell exploits to vetted buyers.
'By offering an efficient, transparent marketplace, we normalize the buying and selling of zero day exploits, which has until now taken place in disparate and opaque markets at a disadvantage to everyone except the attackers.'
The Desired Effect Edge
Desired Effect lets subscribers acquire deep, real-time research data on future zero day exploits tailored to their unique tech stack - data that highlights the precise technology at risk and enables immediate protective action. Further, for the first time in a commercial offering, once vetted they can also choose to buy the exploits from the researchers, either alone, or in crowdsourced pools. Defenders can then take immediate protective action. Cybersecurity researchers can use the Desired Effect Marketplace to gain access to an ethical marketplace that lets them derive both recognition and compensation levels that honor and reflect their contributions to the community.
Attackers are stripped of both the perpetual first-mover advantages they've enjoyed and the extremely low acquisition and operating costs that have allowed them to amass fortunes through theft.
One investor says, 'Cyber threat intelligence (CTI) and vulnerability management are focused on understanding and mitigating potential IT risks by sharing past and present threat behavior. Desired Effect lets organizations understand pre-emergent threats – reframing these cybersecurity categories.'
How Desired Effect's Marketplace Works
For Defenders: Desired Effect gives defenders access to zero day vulnerability data and exploit products tailored to their unique tech stack, via its early-warning Cyber Threat Intelligence feed powered by an exploit marketplace unique in the industry. It elicits and leverages cutting-edge research by providing a platform for researchers to ethically sell exploits to vetted buyers, who can either purchase the exploit intellectual property outright, or crowdsource with others to outpace adversary budgets.
For Independent Researchers: The Desired Effect Marketplace opens an important new pathway to compensate and recognize independent cybersecurity researchers for the outsized impact their discoveries and contributions have on the security postures of the organizations they assist, and our collective societal defense. Unlike current avenues, researchers set their own terms to include price, acceptable buyer demographics, optional public recognition for the finding, and IP assignment.
For Vendors: A downstream benefit of the Desired Effect Marketplace is that defenders can alert technology vendors to vulnerabilities and issues with their products far earlier in the cycle, enabling faster fixes. Vendors are also invited to become subscribers to gain timelier awareness of vulnerabilities and their potential for exploitation.
For Attackers: It doesn't.
Customer and Investor Comments:
Dornbush also shared enthusiastic feedback and results achieved by beta customers, such as one of the big four accounting firms, a bank holding company with more than $200 billion in held assets, and a cryptocurrency exchange.
One customer says: 'The pain of threat intel is that it's damn near impossible to make operational. When you get something from Desired Effect, you know it's actionable, not academic.'
Another says: 'Your marriage of market data and the capability of the exploit against a customer's unique environment is a special and valuable offering.'
Dornbush added: 'Over the last decade, exploits have been readily available, cheaply and without competition, in sketchy shadow markets, allowing criminals with marginal skill and budget to amass fortunes using cheap exploits, putting both defenders and researchers at a disadvantage. The Desired Effect Marketplace upends that dynamic by allowing those most likely affected by exploits - i.e. the defenders – to achieve the earliest threat intelligence possible, while bringing researchers out of the shadows and into fairer compensation and well-deserved recognition.'
To learn more about Desired Effect membership plans, visit: http://www.desiredeffect.io
About Desired Effect
Desired Effect provides all members with the earliest possible warning of vulnerabilities that could impact business operations via the technology they use, and the option to remove exploits from circulation. It provides researchers with the world's first open, ethical marketplace.
Desired Effect normalizes the research, discovery and procurement of zero day exploit data and if desired, the exploits themselves. It provides legitimate and legal means for researchers and defender organizations to transact and work together. Go to www.desiredeffect.io for more information.