Real money, not peanuts
Vulnerability research is becoming increasingly challenging, and finding actionable and reliable cyber-capabilities (which are a small subset of all the existing vulnerabilities) is now an extremely complex endeavour.
Nowadays, many skilful independent researchers are convinced to give away their findings for a pat on their shoulders and a few thousand dollars. At the same time, software vendors make (or save) billions thanks to their work, which in turn is damaging the quality of their future research due to a lack of funds.
For this reason, we pledged to pay the highest rewards on the market to those who deserve it, to financially help talents to fulfil their potential. We defined our contracts so researchers can have enough resources to work full-time on increasingly challenging tasks, legally and safely.
What is VRH?
The Vulnerability Research Hub (VRH) is our unique private collaboration platform, a safe environment where researchers can anonymously submit, discuss and sell single zero-day and chains of exploits.
The platform is organized as a professional and streamlined set of workflows, with an ergonomic interface and maximum OpSec for all the participants.
Through the VRH, the Crowdfense team of experts proactively helps you speed up and standardize the process of evaluating, testing, improving, and documenting your vulnerability research findings without sharing the source code until a contract is defined and an economic agreement is found.
We take care of the hurdles so you can achieve your goals.
Advantages for Researchers
Crowdfense was designed by security researchers for security researchers.
Working with us, you will be able to:
- Contribute to our world-leading public Bug Bounty program , receiving the highest bounties ever paid.
- Have access to our invitation-only private Bug Bounty program.
- Submit your original research and let Crowdfense find the right institutional partner, even if it’s not within the scope of our Bug Bounty program.
- Participate in unique Challenges, competing with other Researchers for additional prizes.
Submission Process
The researcher submits minimal specifications and video proofs of the capability.
Crowdfense reviews the details of the exploit and gives a preliminary evaluation.
The researchers submit the proof of concept to Crowdfense.
Crowdfense reviews the POC and tests the exploit, then sends the final offer.
- The researcher accepts the final offer and agrees on a formal contract.
- The researcher supplies the exploit source code and documentation, and Crowdfense releases the agreed amount.