...cause as we all know, the bad guys would never have any money to buy these or have false identities/shell companies with stolen information to purchase vulns with. and $10k? I bet some of the larger spam ops pull that in about an hour.

Here is a question, what if a windows vuln was purchased by bad guys, using fraudulent info and a stolen credit card, and the purchased vuln was then used to exploit windows users and steal more creit card numbers? Like a snake eating itself.

I personally think making vulns a commodity only creates a more harmful environment. Only crappy security vendors buy these and then write signatures to catch one variant of the exploit. What a world.

Reverse engineering illegal? First that I've heard of it!

If the aim is to direct vulnerability research to the good, it also seems to be an odd decision to make. The good guys can't use the same tools? Daft!