Every year, the DoD upgrades its information technology systems, allows new applications to connect to the network, and reconfigures the Enterprise to gain efficiencies. While these actions are to better support the warfighter and satisfy national security interests, they introduce new system vulnerabilities waiting to be exploited. Often, these vulnerabilities are discovered after the system has already deployed and where costs to fix are much larger. This paper recommends the DoD adopt an Information Assurance tactic to limit these costs, called the vulnerability market. Through use of the vulnerability market, DoD will ensure information security is built into the application, minimize the number of distributed patches, and optimize investment in defense programs. Using empirical data, it was shown that vulnerability disclosure phases vary significantly (3-10) years based on market share. Using Adobe Acrobat, a case was made that investing early in a 25% vulnerability disclosure rate could save over 25% cumulative lifecycle costs due to vulnerability remediation actions.