Which products and/or software are eligible? What is Crowdfense’s scope?
We acquire vulnerability research and exploits affecting recent operating systems, software, and devices. Please refer to our Exploit Acquisition Program for a list of eligible products and scope.What is VRH?
The Vulnerability Research Hub (VRH) is our unique private collaboration platform, a safe environment where researchers can anonymously submit, discuss and sell single zero-day and chains of exploits. To know more about it, visit our researchers page or sign-up on VRH .How do I submit my zero-day research to Crowdfense? What is your submission process?
Our submission process is straightforward. All research and exploits must be sent to Crowdfense using our Vulnerability Research Hub (VRH) platform. Initial submission must include the required specifications, necessary to evaluate your submission, alongside a video POC. All final submissions must include a fully functional exploit with source code, a technical analysis including a description of the root cause of the bug(s) and exploitation method(s).How much can I earn from working with you?
The amount paid depends on multiple variables:- How widespread is the software/hardware? Popular products typically reach higher amounts.
- The scope of the bug(s) (affected products, criticality, attack vector, required configuration, user interaction, limitations, etc)
- The quality of the exploit (reliability, bypassed exploit mitigations, covered versions/systems/platforms, process continuation, no hardcoded offsets or ROP, etc).