Payout

Crowdfense usually pays researchers through international bank transfers. Where confidentiality is important, we can also pay using cryptocurrencies. Crowdfense pays some bounties in multiple instalments to ensure that the research will meet a minimum lifespan requirement. From time to time, we will propose high-priority bounties, with extra bonuses and private bounties to selected researchers through our Vulnerability Research Hub (VRH): be sure not to miss them!
The final offer that Crowdfense sends to acquire your exploit, once your submission has been thoroughly reviewed and validated, depends on the scope of the bug(s) (affected products, criticality, attack vector, required configuration, user interaction, limitations, etc.) and on the quality of the exploit (reliability, bypassed exploit mitigations, covered versions/systems/platforms, process continuation, no hardcoded offsets or ROP, etc.).
The amount paid depends on multiple variables:
  • How widespread is the software/hardware? Popular products typically reach higher amounts.
  • The scope of the bug(s) (affected products, criticality, attack vector, required configuration, user interaction, limitations, etc.).
  • The quality of the exploit (reliability, bypassed exploit mitigations, covered versions/systems/platforms, process continuation, no hardcoded offsets or ROP, etc.).
For example, if you find an unauthenticated remote code execution (RCE) vulnerability, you would be paid substantially more than for a privilege escalation (LPE/EoP) vulnerability.