FAQ

Frequently Asked Questions

Are you wondering how to legally sell your zero-day (0-day) exploits or research? Let us help you.
Here is a collection of frequently asked questions (FAQ) that can help you navigate the world of 0-day brokerage.


Yes, please register on our Vulnerability Research Hub (VRH) platform to use its template and speed up the validation and confirmation of your discovery.
We take the privacy of researchers very seriously; we will never disclose to any third party (including customers) any personal information about researchers, such as names, aliases, email addresses, bank details, or any other personal or confidential information. We even restrict internal access to your data on a need-to-know basis and use your personal information for the sole purpose of processing payments. All messages we receive and send on VRH or via email are encrypted with PGP. VRH data is encrypted at rest; we employ HSM on our server and routinely perform security testing on our infrastructure and services.
Crowdfense usually pays researchers through international bank transfers. Where confidentiality is important, we can also pay using cryptocurrencies. Crowdfense pays some bounties in multiple instalments to ensure that the research will meet a minimum lifespan requirement. From time to time, we will propose high-priority bounties, with extra bonuses and private bounties to selected researchers through our Vulnerability Research Hub (VRH): be sure not to miss them!
After assessing and approving the research, we will send you the final acquisition offer and the agreement. By signing the agreement, you accept the exclusive sale (unless differently agreed) of your research to Crowdfense and fully transfer all related intellectual property rights to us, meaning that the research becomes the exclusive property of Crowdfense. You are not allowed to re-sell, share, publish, or report the research to any other person or entity at any time.
The final offer sent by Crowdfense to acquire your exploit, after your submission is thoroughly reviewed and validated, will depend on the scope of the bug(s) (affected products, criticality, attack vector, required configuration, user interaction, limitations, etc.), but also on the quality of the exploit (reliability, bypassed exploit mitigations, covered versions/systems/platforms, process continuation, no hardcoded offsets or ROP, etc.).
No. We only acquire vulnerabilities proven to be exploitable and accompanied by a fully functional exploit working with the latest stable versions of the affected software/system/device. Feel free to contact us if you think that your research may still be eligible.
Yes. We can acquire either individual exploits (e.g. a browser RCE without a sandbox escape or a sandbox escape alone without any browser exploit) or chained/combined exploits.
We will be glad to discuss and make offers for zero-day exploits and innovative research, exploitation techniques, or mitigation bypasses. Please get in touch with us to further discuss your findings.
We can evaluate, on a case-by-case basis, bugs outside our scope. We usually need more time for these cases since an appropriate buyer must be found and the interest confirmed. Is a vulnerability not in our scope? Please send us an email; we can still help.
We acquire high-risk vulnerabilities accompanied by a fully functional and reliable exploit. Please refer to our Exploit Acquisition Program for a list of eligible exploits and scope.
We acquire vulnerability research and exploits affecting recent operating systems, software, and devices. Please refer to our Exploit Acquisition Program for a list of eligible products and scope.
The Vulnerability Research Hub (VRH) is our unique private collaboration platform, a safe environment where researchers can anonymously submit, discuss and sell single zero-day exploits and chains of exploits. To learn more about it, visit our researchers page or sign up on VRH.
Our submission process is straightforward. All research and exploits must be sent to Crowdfense using our Vulnerability Research Hub (VRH) platform. Initial submission must include the required specifications, necessary to evaluate your submission, alongside a video POC. All final submissions must include a fully functional exploit with source code, a technical analysis including a description of the root cause of the bug(s) and exploitation method(s).
The amount paid depends on multiple variables:
  • How widespread is the software/hardware? Popular products typically reach higher amounts.
  • The scope of the bug(s) (affected products, criticality, attack vector, required configuration, user interaction, limitations, etc.).
  • The quality of the exploit (reliability, bypassed exploit mitigations, covered versions/systems/platforms, process continuation, no hardcoded offsets or ROP, etc.).
For example, if you find an unauthenticated remote code execution (RCE) vulnerability, you would be paid substantially more than for a privilege escalation (LPE/EoP) vulnerability.
Sure, you can receive a pre-offer for your research without disclosing it. Simply submit minimal technical details alongside a video POC on our Vulnerability Research Hub (VRH) platform. We will evaluate the details and send you a pre-offer if the research meets our requirements. The offer will be confirmed after we review, assess and approve the complete research.
Any company or individual can submit zero-day research and participate in our Exploit Acquisition Program.
We pay the highest bounties in the industry. Our payouts will exceed everything that a vendor can offer. We believe researchers need to get paid for their efforts, and we are willing to offer higher rewards. Our Vulnerability Research Hub (VRH) offers a streamlined process from vulnerability submission to reclaiming your bounty.
We pay the highest bounties in the industry. We believe researchers need to get paid for their efforts, and we are willing to offer higher rewards. Our Vulnerability Research Hub (VRH) offers a streamlined process from vulnerability submission to reclaiming your bounty.
We often seek vulnerability researchers to join our internal zero-day research team. Crowdfense researchers conduct cutting-edge vulnerability research and exploit development. They find zero-day vulnerabilities, write in-depth root-cause analyses, contextualise the vulnerabilities and attack vectors, and identify patterns in emerging and established attack surface areas. Visit our careers page to find employment opportunities.
Crowdfense customers are government institutions in need of advanced zero-day exploits and cyber security capabilities. Crowdfense adheres to unparalleled export control, compliance, due diligence, and vetting standards to ensure transparency and accountability for the world’s most trusted vulnerability acquisition platform.
Crowdfense reviews, tests and validates all the acquired vulnerability research. It is then customized, documented and provided to institutional clients.
We pay the highest bounties in the industry. Our payouts will exceed what other bug bounty programs can offer. We believe researchers need to get paid for their efforts, and we are willing to offer higher rewards. Our Vulnerability Research Hub (VRH) offers a streamlined process from vulnerability submission to reclaiming your bounty.
Crowdfense is the world-leading research hub and acquisition platform for high-quality zero-day exploits and advanced vulnerability research. Led by cybersecurity experts, our platform hosts a global community of top-tier independent researchers with unmatched skills in advanced vulnerability research and exploit development. Crowdfense pays the highest bounties in the industry to acquire zero-day exploits and advanced vulnerability research.