The continued discovery of new software vulnerabilities and their abuse by criminals and governments is the root cause of a considerable portion of the losses experienced by society. Every exploitable vulnerability used offensively induces significant direct and indirect losses for users and society as a whole. Experience has shown that traditional approaches based on “more of the same” do not deliver better overall security. It is time to examine the economics of depriving cyber-criminals of access to new vulnerabilities through the systematic purchase of all relevant vulnerabilities discovered at or above black market prices. Purchasing all vulnerabilities of a software vendor for USD 150k typically costs less than 1% of that vendor’s revenue in a year. Purchasing all vulnerabilities for all vendors costs much less than the expected reduction in losses, or less than 0.01% of the GDP of the US or the EU. It is economically viable to make large-scale purchases of vulnerabilities to reduce losses, establish proper incentives, and provide transparency.

Dr. Stefan Frei is a lecturer at ETH Zürich.