Aren't we seeing lots instances of the server-side model playing out? e.g., Company XYZ announces they've been breached and leaked XXX million user's data?
I could see an argument here towards the market price of the information -- breaching a company in the above scenario might get you zilch. Breaking an iOS device of an individual of interest gets you a lot of value.
Circling back though -- you're saying that this model isn't one in use. Do you agree with my real-life counterpoint? If so, why wouldn't there be a market? Or, is the market there and the low payouts from the likes of Zerodium reflect the actual low value of the product (and by extension, business model)?
There isn't a "low" payout on Zerodium for these bugs; there is no payout for them. Zerodium explicitly will not buy bugs in individual websites. Every vulnerability Zerodium will buy has a half-life.
I could see an argument here towards the market price of the information -- breaching a company in the above scenario might get you zilch. Breaking an iOS device of an individual of interest gets you a lot of value.
Circling back though -- you're saying that this model isn't one in use. Do you agree with my real-life counterpoint? If so, why wouldn't there be a market? Or, is the market there and the low payouts from the likes of Zerodium reflect the actual low value of the product (and by extension, business model)?