This year, Crowdfense is expanding its scope to encompass additional major research fields like Enterprise Software, WiFi/Baseband, and Messengers and is proposing a larger 30 million USD acquisition program.
Crowdfense is the world’s premier research and acquisition platform for high-quality zero-day exploits and advanced vulnerability research.
Both the company’s innovative “Vulnerability Research Hub” (VRH) online platform and its $10 million bug bounty program received widespread attention from researchers in 2019.
According to the company, payouts for exclusive capabilities or full chains that have not been disclosed range from USD 10,000 to USD 9 million for each successful application.
Partial chains will be assessed individually and charged accordingly.
“Within this program, Crowdfense evaluates only fully functional, top-quality zero-day exploits affecting the following platforms and products,” the company said.
Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Stopping 99% of phishing attacks missed by other email security solutions. .
The company has disclosed that this year’s program includes significantly higher rewards.
Interestingly, the company is offering $5–$7 million for zero-day exploits on iPhones, up to $5 million for zero-days to breach Android phones, up to $3–$3.5 million for zero-days on Chrome and Safari, and $3–$5 million for zero-days on iMessage and WhatsApp.
Researchers may be able to make up to $3.5 million through exploits that allow for sandbox escape and remote code execution on iOS.
For Chrome exploits that result in remote code execution and local privilege escalation, the business is willing to pay between $2 million and $3 million; for Safari exploits of a similar nature, it will pay between $2.5 million and $3.5 million.
Crowdfense offers many additional payments for less complex zero-day exploits that target various products, such as the Chrome and Safari browsers.
In 2019, the business made a $3 million offer for an iOS and Android zero-click remote code execution exploit.
The cost of threat intelligence teams’ findings rises as more zero-day vulnerabilities are found, so attackers have to put in more time and effort.
The company said, “Please be aware that from time to time, we will also propose high-priority bounties, with extra bonuses and private bounties to selected researchers through our Vulnerability Research Hub: be sure not to miss them!”
Secure your emails in a heartbeat! To find your ideal email security vendor, Take a Free 30-Second Assessment.
Security researchers have uncovered a previously undetected malware threat for macOS that exhibits characteristics of…
Truffle Security Co. has recently discovered a major vulnerability in Postman, the widely used API…
It has been found that almost one-fifth of the repositories on Docker Hub, a popular…
Vulnerability exploits are the third most common way that cybercriminals gain access to target organizations,…
Threat actors have claimed to have discovered a 0-day vulnerability in Zyxel VPN devices. This…
Hackers exploit DNS vulnerabilities to redirect users to malicious websites, launch distributed denial-of-service (DDoS) attacks…