How much can I earn from working with you?

The amount paid depends on multiple variables:

  • How widespread is the software/hardware? Popular products typically reach higher amounts.
  • The scope of the bug(s) (affected products, criticality, attack vector, required configuration, user interaction, limitations, etc)
  • The quality of the exploit (reliability, bypassed exploit mitigations, covered versions/systems/platforms, process continuation, no hardcoded offsets or ROP, etc).

For example, if you find an unauthenticated remote code execution (RCE) vulnerability, you would be paid substantially more than for a privilege escalation (LPE/EoP) vulnerability.