FAQs

We acquire vulnerability research and exploits affecting recent operating systems, software, and devices. Please refer to our Exploit Acquisition Program for a list of eligible products and scope.
The Vulnerability Research Hub (VRH) is our unique private collaboration platform, a safe environment where researchers can anonymously submit, discuss and sell single zero-day and chains of exploits. To know more about it, visit our researchers page or sign-up on VRH .
Our submission process is straightforward. All research and exploits must be sent to Crowdfense using our Vulnerability Research Hub (VRH) platform. Initial submission must include the required specifications, necessary to evaluate your submission, alongside a video POC. All final submissions must include a fully functional exploit with source code, a technical analysis including a description of the root cause of the bug(s) and exploitation method(s).
The amount paid depends on multiple variables:
  • How widespread is the software/hardware? Popular products typically reach higher amounts.
  • The scope of the bug(s) (affected products, criticality, attack vector, required configuration, user interaction, limitations, etc)
  • The quality of the exploit (reliability, bypassed exploit mitigations, covered versions/systems/platforms, process continuation, no hardcoded offsets or ROP, etc).
For example, if you find an unauthenticated remote code execution (RCE) vulnerability, you would be paid substantially more than for a privilege escalation (LPE/EoP) vulnerability.
Sure, you can receive a pre-offer for your research without disclosing it. Simply submit minimal technical details alongside a video POC on our Vulnerability Research Hub (VRH) platform. We will evaluate the details and send you a pre-offer if the research meets our requirements. The offer will be confirmed after we review, assess and approve the complete research.
Any company or individual can submit zero-day research and participate in our Exploit Acquisition Program .
We pay the highest bounties in the industry. Our payouts will exceed everything that a vendor can offer. We believe researchers need to get paid for their efforts, and we are willing to offer higher rewards. Our Vulnerability Research Hub (VRH) offers a streamlined process from vulnerability submission to reclaiming your bounty.
We pay the highest bounties in the industry. We believe researchers need to get paid for their efforts, and we are willing to offer higher rewards. Our Vulnerability Research Hub (VRH) offers a streamlined process from vulnerability submission to reclaiming your bounty.
We often seek vulnerability researchers to join our internal zero-day research team. Crowdfense researchers conduct cutting-edge vulnerability research and exploit development. They find zero-day vulnerabilities, write in-depth root-cause analyses, contextualise the vulnerabilities and attack vectors, and identify patterns in emerging and established attack surface areas. Visit our careers page to find employment opportunities.
Crowdfense customers are government institutions in need of advanced zero-day exploits and cyber security capabilities. Crowdfense adheres to unparalleled export control, compliance, due diligence, and vetting standards to ensure transparency and accountability for the world’s most trusted vulnerability acquisition platform.