Revenue maximizing markets for zero-day exploits
Autonomous Agents and Multi-Agent Systems (IF 1.9). Pub Date: 2021-07-07. DOI: 10.1007/s10458-021-09522-w
Mingyu Guo 1, Guanhua Wang 1, Muhammad Ali Babar 1, Hideaki Hata 2
Markets for zero-day exploits (software vulnerabilities unknown to the software vendor) have a long history and a growing popularity. We study these markets from a revenue-maximizing mechanism design perspective. We first propose a theoretical model for zero-day exploits markets. In our model, one exploit is being sold to multiple buyers. There are two kinds of buyers, which we call the defenders and the offenders. The defenders are buyers who buy vulnerabilities in order to fix them (e.g., software vendors). The offenders, on the other hand, are buyers who intend to utilize the exploits (e.g., national security agencies and police). We study the problem of selling one zero-day exploit to multiple defenders and offenders. Our model has a few unique features that make it different from single-item auctions. First, an exploit is a piece of information, so one exploit can be sold to multiple buyers. Second, buyers have externalities. If any defender wins, then the exploit becomes worthless to the offenders. Third, if the auctioneer discloses the details of the exploit to the buyers before the auction, then they may leave with the information without paying. On the other hand, if the auctioneer does not disclose enough details, then the buyers cannot determine how valuable the exploit is. Considering the above, our proposed mechanism discloses the details of the exploit to all offenders at the beginning of the auction. The defenders will receive the information slightly delayed. The offenders bid to prolong the delay and the defenders bid to shorten the delay. We derive the optimal mechanism for single-parameter valuations. For general valuations, we propose three numerical solution techniques. One is based on iterative linear programming and the other two are based on neural networks and evolutionary computation.

Updated: 2021-07-07