No. We only acquire vulnerabilities proven to be exploitable and accompanied by a fully functional exploit working with the latest stable versions of the affected software/system/device. Feel free to contact us if you think that your research may still be eligible.
Yes. We can acquire either individual exploits (e.g. a browser RCE without a sandbox escape or a sandbox escape alone without any browser exploit) or chained/combined exploits.
We will be glad to discuss and make offers for zero-day exploits and innovative research, exploitation techniques, or mitigation bypasses. Please get in touch with us to further discuss your findings.
We can evaluate, on a case-by-case basis, bugs outside our scope. We usually need more time for this cases since an appropriate buyer must be found and the interest confirmed. Is a vulnerability not on our scope? Please send us an email ; we can still help.
We acquire vulnerability research and exploits affecting recent operating systems, software, and devices. Please refer to our Exploit Acquisition Program for a list of eligible products and scope.