Submit Your Research

ZERODIUM acquires zero-day vulnerabilities with fully functional exploits only. We do not acquire PoCs for theoretically exploitable or non-exploitable vulnerabilities. For more information, please read our Program and FAQ sections.

To receive a pre-offer or to submit your zero-day research and/or exploit, please send an encrypted email and attach your public PGP key to: using our PGP key.

Important: Please check your spam/junk folder in case our emails are flagged as spam. We usually reply within 1 to 2 business days.

Minimal Technical Details Required (to receive a pre-offer):

- Targeted software name(s)
- Targeted software version(s) + architecture (32bit, 64bit, or both)
- Targeted OS version(s) + architecture (32bit, 64bit, or both)
- Vulnerability type/class (e.g. memory corruption, race condition, etc)
- Attack scenario/vector (e.g. visit a web page, open a doc, etc)
- Success rate of the exploit (100% or less)
- Time of execution of the exploit (X seconds)
- Is the exploit working with default installations (yes/no)
- Is the exploit requiring any special setting or configuration (explain)
- Is the exploit requiring any authentication or credentials (explain)
- Is the exploit requiring any user interaction (explain)
- Is the exploit requiring any specific user privilege (explain)
- Any additional information, limitations, or requirements
- Your nationality and country of residence (for payment purposes)
- Your public PGP key (if you have one)

Full Technical Details Required (after you receive & accept the pre-offer):

- Fully functional exploit in any programming language with commented source code
- Technical analysis of all utilized vulnerabilities (analysis of root cause(s), exploitation method, and mitigations bypass)
- Step-by-step instructions and list of requirements to prepare, compile, and use the exploit

ZERODIUM reserves the right, at its sole discretion, to make or to not make an offer to acquire an exploit for any/no reason.


Submission Process

ZERODIUM evaluates and verifies all submitted research within one week or less. Payments are made in one or multiple installments by wire transfer or using crypto-currencies e.g. Bitcoin. The first payment is sent within one week or less. For more information, please read our FAQ.