About Bounties Archives

Do you provide a standard specifications template for submissions?

Yes. To ensure a smooth and efficient evaluation process, we provide a standardised submission template through our Vulnerability Research Hub (VRH).

By using this template, you can:

Clearly communicate all required technical details
Accelerate the validation, negotiation, and confirmation of your submission
Avoid common pitfalls and missing information

Simply register on the Vulnerability Research Hub (VRH) platform to access the template and begin your submission.

How do you protect the privacy and confidentiality of researchers?

At Crowdfense, your privacy and security are paramount. We adhere to strict confidentiality protocols to ensure your identity and personal information are fully protected at every stage.

We never share your personal data, including name, alias, email, bank details, or any identifying information, with any third party, including our clients.
Internal access is strictly limited to essential personnel on a need-to-know basis.
Your information is used exclusively for operational purposes, such as processing payments.

Our technical safeguards include:

PGP-encrypted communication for all emails and messages
Encrypted data at rest within the VRH platform
Hardware Security Modules (HSMs) to protect cryptographic keys
Regular security audits and penetration testing of our infrastructure

By combining operational discretion with advanced technical protections, Crowdfense provides researchers with one of the most secure environments in the industry.

Which payment methods and bonuses are available?

Crowdfense usually pays researchers through international bank transfers. Where confidentiality is a concern, we can also provide payments using cryptocurrencies, such as Bitcoin (BTC).

In some cases, bounties are paid in multiple instalments, especially when a minimum exploit lifespan is required.

We also regularly launch high-priority and private bounties through the Vulnerability Research Hub (VRH), offering extra bonuses for time-sensitive or particularly valuable submissions.

Stay active on the VRH to avoid missing exclusive opportunities!

What happens after accepting an acquisition offer from Crowdfense?

Once your submission has been technically assessed and approved, we will send you a final acquisition offer along with a formal purchase agreement.

By signing the agreement, you confirm the exclusive sale of your research to Crowdfense (unless otherwise negotiated). This includes the full transfer of all related intellectual property rights, meaning the research becomes the sole and exclusive property of Crowdfense.

After the sale:

You may not resell, share, publish, or disclose any part of the research
You are legally bound to maintain strict confidentiality indefinitely

This ensures the integrity and exclusivity of the capabilities we deliver to our trusted partners.

How can I increase the potential bounty/reward for my research?

The final acquisition offer from Crowdfense is based on both the impact of the vulnerability and the technical quality of the exploit. To maximise your reward, consider the following factors:

Vulnerability Scope & Impact

Targeting widely used products or platforms increases value
Higher severity bugs (e.g., RCEs, sandbox escapes) are rewarded more than lower-impact ones (e.g., LPEs)
Bugs that require minimal configuration changes or user interaction are more attractive
Broader coverage across multiple versions or systems boosts payout potential

Exploit Quality

High reliability and stability across different environments
Bypasses for modern exploit mitigations (e.g., DEP, ASLR, CFG)
Support for process continuation or clean post-exploitation state
Clean implementation, no hardcoded offsets, no brittle ROP chains
Fully documented technical analysis and root cause breakdown

The more impactful, versatile, and professionally packaged your submission is, the more valuable it becomes.

Are theoretically exploitable bugs (e.g., crash-only PoCs or triggers) eligible?

No, Crowdfense only acquires vulnerabilities that are proven to be practically exploitable and accompanied by a fully functional, reliable exploit targeting the latest stable versions of the affected software, system, or device.

We require working proof-of-concept code that demonstrates real-world exploitation potential.

However, if you believe your research holds exceptional value or could be developed into a complete exploit, feel free to contact us. We’re always open to discussing promising edge cases.

Are partial exploits (e.g., a browser RCE without a sandbox escape) eligible?

Yes, Crowdfense accepts both standalone and chained exploits.

We are open to acquiring:

Individual exploit components, such as a browser RCE without a sandbox escape, or a sandbox escape on its own
Full exploit chains, combining multiple stages (e.g., RCE + sandbox escape + privilege escalation)

As long as the submitted component demonstrates real-world impact and meets our quality standards, it will be evaluated and priced accordingly.

Do you also acquire exploitation techniques or mitigation bypasses?

Yes. In addition to zero-day vulnerabilities and full exploits, Crowdfense is actively interested in acquiring:

Novel exploitation techniques
Mitigation bypasses (e.g., defeating DEP, ASLR, CFG, PAC, etc.)
Innovative research that advances offensive capabilities

If you’ve developed a unique method or breakthrough in exploit development, we’re open to evaluating it and making a competitive offer.

Contact us directly to discuss your findings in a confidential setting.

What if I found a vulnerability that’s not in your current scope?

If you’ve discovered a high-quality vulnerability that falls outside our listed scope, we’re still open to evaluating it on a case-by-case basis.

In such situations, the review process may take longer, as we need to assess potential buyer interest and ensure it aligns with our acquisition policies and procedures.

Have something valuable that’s not currently in scope?
Reach out to us via email; we may still be able to help.

Which products or software are eligible? What is Crowdfense’s scope?

We acquire vulnerability research and exploits affecting modern, widely used operating systems, applications, and devices, including mobile, desktop, embedded, and enterprise platforms.

Our focus is primarily on zero-day vulnerabilities; however, from time to time, we may also acquire recent n-day vulnerabilities (typically up to six months old) for mobile platforms, depending on their impact and exploitability.

For a detailed list of in-scope targets and requirements, please refer to our Exploit Acquisition Program.