When a vulnerability is found, it needs to get into the right hands quickly. We offer a fast and straightforward approach to disclosing your research and the quickest submission process out there.
We believe researchers' efforts should be compensated with the highest payouts. If a vendor doesn’t accept disclosures, we will still be interested in acquiring the vulnerability and reporting it.
Many of our researchers utilize our maximum privacy protection and choose to stay anonymous when submitting their findings. We take the privacy of our researchers very seriously and will never disclose any information to third parties (Customers included).
What We Do
The researcher sends us a brief description of the vulnerability for review
the researcher submits the full discovery details and exploits. our team tests aand verifies the findings.
SSD signs a detailed contract – focused on protecting your research.
the researcher gets the full payout within a week
the vulnerbility is disclosed and published. Full credit is given to the researcher.
Windows (RCE and PE)
Chrome (RCE or SBX)
Summary A vulnerability in TOTOLINK LR1200GB allows remote unauthenticated attackers to become authenticated due to a stack overflow vulnerability in the web interface. Additional post-auth vulnerabilities in the product allow for command injection and their
Summary Chaining of three vulnerabilities allows unauthenticated attackers to execute arbitrary command with root privileges on Zyxel VPN firewall (VPN50, VPN100, VPN300, VPN500, VPN1000). Due to recent attack surface changes in Zyxel, the chain described
Summary A vulnerability exists in WifiKey’s AC Gateway allowing remote attackers to trigger a pre-auth RCE vulnerability in the product allowing complete compromise of the device. Credit An independent security researcher working with SSD Secure