"The zero-day industry tries 'transparency' in Dubai", 4 June 2018

... Headquartered in the United Arab Emirates, Crowdfense first attracted attention in April when it announced a $10 million fund to pay enterprising hackers for zero-day exploits that the company then turns around to sell to government customers... The big money comes paired with an earnest promise of “transparency” that is unique in an industry where secrecy is standard operating procedure. Crowdfense director Andrea Zapparoli Manzoni told CyberScoop that he wants to “do things differently”... Oppressive regimes can turn the potent tools against their own citizens while these developers rake in the cash. The well-known companies, like Israel’s NSO Group, make over $200 million in sales per year, according to one employee of that firm... “This sector has no proper regulation... [a]ll you can do is try to self-regulate and do no evil.” Manzoni... wants to build a successful and “decent” zero-day business by following a set of self-imposed rules that focuses in on one point: “We deal only with countries with track records of human rights respect”... Crowdfense also doesn’t build “mass surveillance tools,” instead focusing on exploits that can be used in highly focused operations against less than a dozen targets... The policy of avoiding selling zero-day exploits to certain countries certainly sets Crowdfense apart. But it’s an interesting choice for a company headquartered in a nondemocratic Asian country notorious for both its love of new and expensive technology alongside its longstanding and continuing human rights abuses...