... Loading ...

SSD Secure Disclosure

Disclosing vulnerabilities responsibly since 2007

Q&A

How much can I earn from working with you?

The amount paid depends on two different variables:

  • How widespread is the software/hardware? Popular products typically reach higher amounts.
  • How critical is the vulnerability? For example, if you find an unauthenticated arbitrary code execution vulnerability, you would be paid substantially more than for a Cross Site Scripting vulnerability.

What if I want to stay anonymous?

Fine by us! A lot of our researchers choose to stay anonymous.

What is your policy regarding privacy and confidentiality of researcher’s information?

We take the privacy of researchers very seriously and do not disclose to any third party (including to customers) any personal information about researchers such as names, aliases, email addresses, bank details, or any other personal or confidential information.

What is the difference between SSD and Bug Bounties or other programs?

Financially:

  • We pay more than bug bounty programs.
  • If a vendor doesn’t have a bug bounty program – we are still interested in acquiring the vulnerability and reporting it to the vendor.
  • We believe researchers need to get paid for their effort and we are willing to offer higher rewards.

Administratively:

  • We will handle all the reporting process.
  • We will publish your research and attribute it per your instructions.

How do I submit my questions or research?

Send us an email contact@ssd-disclosure.com – It’s that easy!

Print Friendly, PDF & Email