We moved to a new site https://ssd-disclosure.com

 Our vulnerability disclosure program - established in 2007

SecuriTeam Secure Disclosure (SSD) helps security researchers turn their skills in uncovering security vulnerabilities into a career.

Designed by researchers, for researchers, SSD provides the fast response and support needed to get zero-day vulnerabilities responsibly reported to vendors and to get researchers the compensation they deserve. We help researchers get to the bottom of vulnerabilities affecting major operating systems, software or devices.

Would you like to find out more? Email us at: [email protected].


Scope

Targets of interest:
  • Operating systems: Windows / Linux / OSX
  • Mobile: iOS / Android
  • Web Browsers: Tor / Chrome / Safari / Edge / Firefox
  • Readers: Microsoft Office
  • Web Hosting Control Panel: cPanel / Plesk / DirectAdmin / Webmin / VestaCP / ISPManager / ISPConfig / Aegir
  • Mailserver: Microsoft Exchange Server / Zimbra / Roundcube / MDaemon / Horde / Exim / Postfix / Dovecot
  • CMS: WordPress / Joomla / Drupal / vBulletin
  • Embedded: Mobile Baseband / NAS / Routers / DVR
  • Network Management Systems: Zabbix / Nagios / PRTG
  • Others: PHP / .NET / Firewalls / Protocols

 

Got a vulnerability out of this scope? Send us an email, we can still help: [email protected]


Submission process

  1. You send us a brief description of the vulnerability.
  2. We may follow up with questions.
  3. We sign a contract.
  4. You send us the vulnerability.
  5. Our technical team verifies the vulnerability.
  6. We contact the vendor.
  7. You get paid.
  8. The vulnerability is responsibly disclosed and published.

Q&A

How much can I earn from working with you?

The amount paid depends on two different variables:

  • How widespread is the software/hardware? Popular products typically reach higher amounts.
  • How critical is the vulnerability? For example, if you find an unauthenticated arbitrary code execution vulnerability, you would be paid substantially more than for a Cross Site Scripting vulnerability.

What if I want to stay anonymous?

Fine by us! A lot of our researchers choose to stay anonymous.

What is your policy regarding privacy and confidentiality of researchers' information?

We take the privacy of researchers very seriously and do not disclose to any third party (including to customers) any personal information about researchers such as names, aliases, email addresses, bank details, or any other personal or confidential information.

What is the difference between SSD and Bug Bounties or other programs?

Financially:

  • We pay more than bug bounty programs.
  • If a vendor doesn't have a bug bounty program - we are still interested in acquiring the vulnerability and reporting it to the vendor.
  • We believe researchers need to get paid for their effort and we are willing to offer higher rewards.

Administratively:

  • We will handle the entire reporting process.
  • We will publish your research and attribute it per your instructions.

How do I submit my questions or research?

Send us an email at [email protected]. It's that easy!


The SSD community

As part of our vulnerability disclosure program we have established a community of researchers. We believe in long-term investment in this group and we provide the tools, education and knowledge they need to find more vulnerabilities and advanced attack vectors and discover innovative ways to exploit them.

We sponsor researchers' workshops, courses, software licenses, hardware and conference attendance.

We are always looking for new researchers to join our community. That’s why we are promoting our “Friend Bring Friend” program. If you refer a new researcher to us and they start working with us on Operating systems / Mobile / Web Browsers, you will get $10,000 USD. For other vulnerabilities, you will get $1,000 USD.

As another way to support the international community we sponsor security conferences around the world - from Black Hat USA to community conferences such as DefCamp Romania. We publish vulnerability technical information in our blog (blogs.securiteam.com), on Twitter (@SecuriTeam_SSD) and in vendor advisories. We also give lectures and host hacking competitions at international security conferences.

In 2018 we sponsored the following conferences, and some of our researchers attended them:

  1. OffensiveCon
  2. Hack In The Box
  3. Zer0con
  4. CanSec

Vulnerability report template

Use this template to speed confirmation of your discovery:

  1. Vulnerability Title
  2. Date of submission
  3. Description of Product (from vendor/site)
  4. Description of Vulnerability
    • 4.1 Title
    • 4.2 Product
    • 4.3 Version
    • 4.4 Homepage
    • 4.5 Binary Affected
    • 4.6 Binary Version
    • 4.7 Binary MD5
  5. Configuration Requirements
  6. Vulnerability Requirements
  7. Vulnerability Summary Information
    • 7.1 Vulnerability Class
    • 7.2 Affected Versions Tested
    • 7.3 Affected Versions Assumed (explain assumption)
    • 7.4 Unaffected Versions
    • 7.5 Affected Platforms Tested (Windows, Linux, 32bit, 64bit, 10 RS1, 10 RS2, 2016, Ubuntu, etc.)

For more information, email us at: [email protected].
