What Is a Bug Worth? — The Interactive Model

A user-driven companion to the 2026 Evidence Edition. Pick a pricing object, a target, and a buyer; tune the five forces; toggle AI and geopolitics; read the range.

This is a language, not arithmetic. The numbers below are bounded ranges anchored to the empirical sources cited in the paper — Crowdfense's published acquisition program, the i-Soon DOJ indictment, Apple's bounty schedule, the Herr/Schneier/Morris rediscovery work, GTIG's zero-day reviews. Every number you see is a bracket on what a buyer might pay, not a quote.

Validity layer (2026-04): The model's anchors are now grouped by evidence tier: court, leaked invoice, government disclosure, journalism, broker offer. The Provenance knob and the Russian pricing basis toggle let you separate stated offers from confirmed sales — the single largest source of mispricing in this market. See VALIDITY-STRESS-TEST.md for the bracket-fit scoreboard.

1. What is being priced

Pricing object
Target hardness
Buyer model

2. The five forces

Maintenance burden 50
Higher = the chain rots faster, requires constant rework against patch cycles. Reduces value above 50.
Time decay 50
Higher = patch cadence and competing capabilities are closing in fast. Chrome stable channel ≈ 70; irregular enterprise ≈ 30.
Detection / attribution risk 50
Higher = using it gets you caught (Citizen Lab footprint, Lockdown Mode forensics, MTE bypass detection).
Substitutability 50
Higher = stolen creds, n-days, telco interception or cloud abuse get the same effect cheaper. Pulls value down.
Conversion pipeline 50
Higher = elite operator with full chain-assembly, OPSEC, deployment infrastructure. Lifts realised value.

3. AI & geopolitical regime

AI inflection
Geopolitical regime
Provenance
Rediscovery rate 12.7%
5.76% (RAND, elite-chain floor) ↔ 12.7% (Herr baseline) ↔ 25% (AI-assisted ceiling).
Time baseline (year) 2026
Price level of the chosen year. 2026 = today (×1.0). Coarse extrapolation along an offer-ceiling growth curve (Dellago ~44%/yr pre-2020, slower after) — treat year-scaled figures as order-of-magnitude, not precise.

What this configuration is worth

— pricing object —

Cost decomposition

Discovery · Weaponisation · Maintenance · Margin

Empirical anchors in this configuration

court: court-confirmed sale · leaked invoice: primary document · government disclosure · journalism · offer: broker public price · listing: forum asking price
Validation Mode — confirmed transactions vs. model output

The stress-test from VALIDITY-STRESS-TEST.md. Each row is a court-confirmed, leaked-invoice, or government-disclosed transaction. Pre-fix bracket score: 9/15 (60%); post-fix target: 13/15 (87%). Apply the Provenance and Russian-basis knobs above to see post-fix behavior.

# | Confirmed transaction | Year | Observed | Tier | Source
Loading corpus…

Loaded from data/confirmed-prices-2026-04.json. If you opened this via file:// and the table stays "Loading", browsers block local fetches — run a local server: cd ~/Projects/vulnerability-economics && python3 -m http.server 8765, then open http://localhost:8765/2026-interactive-model.html.