Vulnerability Management, Bug Bounties, Training

Crowdfense expands exploit acquisition program

Security Affairs reports that zero-day vulnerability research hub and acquisition platform Crowdfense has increased its exploit acquisition program to provide up to $30 million in total rewards, while expanding its scope to cover security issues impacting enterprise software, messengers, and Wi-Fi/baseband.

Under the expanded program, iOS zero-day exploits will be worth $5 million to $7 million, while Android zero-days will command up to $5 million. On the other hand, Crowdfense will be giving bounties of $3 million to $5 million for zero-days impacting iMessage and WhatsApp, as well as rewards of up to $3.5 million and $3 million for Safari and Chrome zero-days, respectively.

"Payouts for full-chains or previously unreported, exclusive capabilities, range from USD 10,000 to USD 9 million per successful submission. Partial chains will be evaluated on a case-by-case basis and priced proportionally," said Crowdfense.

Such a development comes five years after the firm introduced its $10 million bug bounty program and Vulnerability Research Hub platform.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.