To submit your zero-day research and/or exploit, please send an encrypted email and your public PGP key to: using our PGP key.
ZERODIUM acquires zero-day vulnerabilities with fully functional exploits only. We do not acquire PoCs for theoretically exploitable or non-exploitable vulnerabilities. For more information, please read our Program and FAQ sections.
ZERODIUM does not acquire vulnerabilities or exploits affecting online services or web sites such as Facebook, Google, Apple, etc. Please report such vulnerabilities directly to the affected vendor or through one of their bug bounty programs (if any).
ZERODIUM reserves the right, at its sole discretion, to make or to not make an offer to acquire a vulnerability for any/no reason.
ZERODIUM evaluates and verifies all submitted research within one week or less. Payments are made in one or multiple installments by wire transfer. The first payment is made within one week or less. For more information, please read our FAQ.