How to dry up the shadow market for IT security vulnerabilities

I don't think I would trust a "state sponsored purchasing office" to identify the fair market value of an exploit or even separate legitimate exploits from fake ones.