FAQs

Yes. To ensure a smooth and efficient evaluation process, we provide a standardised submission template through our Vulnerability Research Hub (VRH).

By using this template, you can:

  • Clearly communicate all required technical details

  • Accelerate the validation, negotiation, and confirmation of your submission

  • Avoid common pitfalls and missing information

Simply register on the Vulnerability Research Hub (VRH) platform to access the template and begin your submission.

At Crowdfense, your privacy and security are paramount. We adhere to strict confidentiality protocols to ensure your identity and personal information are fully protected at every stage.

  • We never share your personal data, including name, alias, email, bank details, or any identifying information, with any third party, including our clients.

  • Internal access is strictly limited to essential personnel on a need-to-know basis.

  • Your information is used exclusively for operational purposes, such as processing payments.

Our technical safeguards include:

  • PGP-encrypted communication for all emails and messages

  • Encrypted data at rest within the VRH platform

  • Hardware Security Modules (HSMs) to protect cryptographic keys

  • Regular security audits and penetration testing of our infrastructure

By combining operational discretion with advanced technical protections, Crowdfense provides researchers with one of the most secure environments in the industry.

Crowdfense usually pays researchers through international bank transfers. Where confidentiality is a concern, we can also provide payments using cryptocurrencies, such as Bitcoin (BTC).

In some cases, bounties are paid in multiple instalments, especially when a minimum exploit lifespan is required.

We also regularly launch high-priority and private bounties through the Vulnerability Research Hub (VRH), offering extra bonuses for time-sensitive or particularly valuable submissions.

Stay active on the VRH to avoid missing exclusive opportunities!

Once your submission has been technically assessed and approved, we will send you a final acquisition offer along with a formal purchase agreement.

By signing the agreement, you confirm the exclusive sale of your research to Crowdfense (unless otherwise negotiated). This includes the full transfer of all related intellectual property rights, meaning the research becomes the sole and exclusive property of Crowdfense.

After the sale:

  • You may not resell, share, publish, or disclose any part of the research

  • You are legally bound to maintain strict confidentiality indefinitely

This ensures the integrity and exclusivity of the capabilities we deliver to our trusted partners.

The final acquisition offer from Crowdfense is based on both the impact of the vulnerability and the technical quality of the exploit. To maximise your reward, consider the following factors:

Vulnerability Scope & Impact

  • Targeting widely used products or platforms increases value

  • Higher-severity bugs (e.g., RCEs, sandbox escapes) are rewarded more than lower-impact ones (e.g., LPEs)

  • Bugs that require minimal configuration changes or user interaction are more attractive

  • Broader coverage across multiple versions or systems boosts payout potential

Exploit Quality

  • High reliability and stability across different environments

  • Bypasses for modern exploit mitigations (e.g., DEP, ASLR, CFG)

  • Support for process continuation or clean post-exploitation state

  • Clean implementation, no hardcoded offsets, no brittle ROP chains

  • Fully documented technical analysis and root cause breakdown

The more impactful, versatile, and professionally packaged your submission is, the more valuable it becomes.

No, Crowdfense only acquires vulnerabilities that are proven to be practically exploitable and accompanied by a fully functional, reliable exploit targeting the latest stable versions of the affected software, system, or device.

We require working proof-of-concept code that demonstrates real-world exploitation potential.

However, if you believe your research holds exceptional value or could be developed into a complete exploit, feel free to contact us. We’re always open to discussing promising edge cases.

Yes, Crowdfense accepts both standalone and chained exploits.

We are open to acquiring:

  • Individual exploit components, such as a browser RCE without a sandbox escape, or a sandbox escape on its own

  • Full exploit chains, combining multiple stages (e.g., RCE + sandbox escape + privilege escalation)

As long as the submitted component demonstrates real-world impact and meets our quality standards, it will be evaluated and priced accordingly.

Yes. In addition to zero-day vulnerabilities and full exploits, Crowdfense is actively interested in acquiring:

  • Novel exploitation techniques

  • Mitigation bypasses (e.g., defeating DEP, ASLR, CFG, PAC, etc.)

  • Innovative research that advances offensive capabilities

If you’ve developed a unique method or breakthrough in exploit development, we’re open to evaluating it and making a competitive offer.

Contact us directly to discuss your findings in a confidential setting.

If you’ve discovered a high-quality vulnerability that falls outside our listed scope, we’re still open to evaluating it on a case-by-case basis.

In such situations, the review process may take longer, as we need to assess potential buyer interest and ensure it aligns with our acquisition policies and procedures.

Have something valuable that’s not currently in scope?
Reach out to us via email; we may still be able to help.

We acquire high-impact vulnerabilities that pose significant security risks and are accompanied by a fully functional, reliable exploit (preferably with a PoC or weaponised chain).

Eligible submissions typically target:

  • Modern desktop and mobile operating systems

  • Widely deployed enterprise software

  • Embedded, IoT, and network devices

For detailed scope, platform coverage, and specific requirements, please refer to our Exploit Acquisition Program.