Desired Effect, the first ethical market vulnerability management exchange that disrupts the cybercrime supply chain and offers pre-attack exploit intelligence, has launched the Desired Effect Marketplace, which lets organizations and independent researchers legitimately and legally transact for zero day exploits that impact any organization or business. The Desired Effect Marketplace gives defenders true, immediate, pre-attack zero day insight, offers independent researchers better compensation and recognition for their work, and drives up the cost of the adversary’s critical tooling by breaking up their current monopoly on access to exploits.
Desired Effect is emerging from stealth for the RSA Conference 2025, and is now successfully analyzing content and processing transactions between independent researchers and early customers.
Desired Effect CEO and Founder Evan Dornbush, a former NSA cybersecurity professional and successful entrepreneur, said: “We deliver disruptively superior intelligence feeds because we get closer to the source. We elicit and leverage cutting-edge research by providing a platform for researchers to ethically sell exploits to vetted buyers.
“By offering an efficient, transparent marketplace, we normalize the buying and selling of zero day exploits, which has until now taken place in disparate and opaque markets at a disadvantage to everyone except the attackers.”
The Desired Effect Edge
Desired Effect lets subscribers acquire deep, real-time research data on future zero day exploits tailored to their unique tech stack – data that highlights the precise technology at risk and enables immediate protective action. Further, for the first time in a commercial offering, once vetted they can also choose to buy the exploits from the researchers, either alone, or in crowdsourced pools. Defenders can then take immediate protective action.
Cybersecurity researchers can use the Desired Effect Marketplace to gain access to an ethical marketplace that lets them derive both recognition and compensation levels that honor and reflect their contributions to the community.
Attackers are stripped of both the perpetual first-mover advantages they’ve enjoyed and the extremely low acquisition and operating costs that have allowed them to amass fortunes through theft.
One investor says, “Cyber threat intelligence (CTI) and vulnerability management are focused on understanding and mitigating potential IT risks by sharing past and present threat behavior. Desired Effect lets organizations understand pre-emergent threats – reframing these cybersecurity categories.”
In the Desired Effect Origin Story blog, Dornbush added: “We forget. This entire industry – every single penny in the $3T marketplace — exists because of the vulnerability research community. If you are reading this, very likely your job would not exist without these unsung heroes. All of it. Built on the backs of that one kid who decides not to believe the hype. The small team that says “we’re going to take this apart and see how it works”, doing research for the love of curiosity.”
How Desired Effect’s Marketplace Works
For Defenders: Desired Effect gives defenders access to zero day vulnerability data and exploit products tailored to their unique tech stack, via its early-warning Cyber Threat Intelligence feed powered by an exploit marketplace unique in the industry. It elicits and leverages cutting-edge research by providing a platform for researchers to ethically sell exploits to vetted buyers, who can either purchase the exploit intellectual property outright, or crowdsource with others to outpace adversary budgets.
For Independent Researchers: The Desired Effect Marketplace opens an important new pathway to compensate and recognize independent cybersecurity researchers for the outsized impact their discoveries and contributions have on the security postures of the organizations they assist, and our collective societal defense. Unlike current avenues, researchers set their own terms to include price, acceptable buyer demographics, optional public recognition for the finding, and IP assignment.
For Vendors: A downstream benefit of the Desired Effect Marketplace is that defenders can alert technology vendors to vulnerabilities and issues with their products far earlier in the cycle, enabling faster fixes. Vendors are also invited to become subscribers to gain timelier awareness of vulnerabilities and their potential for exploitation.
For Attackers: It doesn’t.
Dornbush also shared enthusiastic feedback and results achieved by beta customers, such as one of the big four accounting firms, a bank holding company with more than $200 billion in held assets, and a cryptocurrency exchange.
One customer says: “The pain of threat intel is that it’s damn near impossible to make operational. When you get something from Desired Effect, you know it’s actionable, not academic.”
Another says “Your marriage of market data and the capability of the exploit against a customer’s unique environment is a special and valuable offering.”
Dornbush summarized: “Over the last decade, exploits have been readily available, cheaply and without competition, in sketchy shadow markets, allowing criminals with marginal skill and budget to amass fortunes using cheap exploits, putting both defenders and researchers at a disadvantage. The Desired Effect Marketplace upends that dynamic by allowing those most likely affected by exploits – i.e. the defenders – to achieve the earliest threat intelligence possible, while bringing researchers out of the shadows and into fairer compensation and well-deserved recognition.”
To learn more about Desired Effect membership plans, visit: http://www.desiredeffect.io
