The payout depends on several key factors, including:
- Target popularity: Vulnerabilities in widely deployed software or hardware receive significantly higher rewards.
- Bug impact and scope: The more critical the vulnerability (e.g., RCE vs. LPE), and the broader the affected products or platforms, the higher the value.
- Exploit quality: We assess the reliability, sophistication, and completeness of your exploit:
  - Bypasses exploit mitigations
  - Works across multiple versions/platforms
  - Requires minimal/no user interaction
  - No hardcoded offsets or fragile techniques
  - Supports process continuation (where applicable)

Example: An unauthenticated remote code execution (RCE) vulnerability with a robust, cross-version exploit will earn significantly more than a local privilege escalation (LPE) with limited reach.
Crowdfense consistently pays the highest bounties in the industry, with payouts designed to match the real-world impact of your research.