In their quest for coping with risks stemming from cyber space, some states have adopted contradictory approaches to managing them. Instead of working toward long-term international stability in cyber space, these states have been tempted by short-term benefits on national security grounds that have domestic and international negative externalities in the long run. This chapter aims to illustrate this two-sided state policy toward cyber security by focusing on these states’ sustainment of and interaction with black markets for vulnerabilities and exploits (VEs). 1 It argues that if security in and through cyber space is one or even the key goal of cyber-security policies, then engaging in the market for VEs, as some state agencies do, creates unnecessary and counter-productive distrust for all actors involved. The current behavior, aimed at achieving more security, is actually leading to less virtual security and indirectly, less physical security (Dunn Cavelty 2012). This chapter argues for a shift in focus of national and international policy toward a defensive, long-term oriented approach to cyber security by reducing and responsibly disclosing vulnerabilities as well as ensuring cooperation between all relevant actors.