Yago Hansen, a Spanish hacker with experience in the sector, explains how the exchange works: “You tell the vulnerability to these companies and they assess it according to the exploitation capacity it has.” When the company acquires the vulnerability, it turns it into an exploit, a malicious program to take advantage of the discovered flaw, and incorporates it into its commercial offer.
https://elpais.com/tecnologia/2019/05/28/actualidad/1559031474_402185.html
