Crowdfense platform to allow researchers to safely submit, discuss and sell 0day exploits
Crowdfense announced the launch of their Vulnerability Research Platform (VRP). This web-based collaboration platform allows vulnerability researchers to safely submit, discuss and quickly sell single 0day exploits and chains of exploits. The VRP will open on September 3, 2018.
“Through the VRP, Crowdfense experts work in real time with researchers to evaluate, test, document and refine their findings,” said Andrea Zapparoli Manzoni, Director of Crowdfense. “The findings can be both within the scope of Crowdfense public Bug Bounty Program or freely proposed by researchers (for a specific set of key targets).”
Technically, the platform is organized into a streamlined set of workflows, with maximum OpSec for all participants. It is based on a zero-trust model and offers a reduced attack surface, anonymity (if desired), full E2E encryption and several other advanced security features, both client and server side.
The VRP v1.0 features include account and keys management and step-by-step workflows for the submission, technical evaluation and discussion of vulnerabilities, contracting and pricing definition, follow-up and maintenance of 0day capabilities over time.
These features were designed and refined during the past year through private betas, thanks to the support of ethical hackers, vulnerability research teams and selected brokers, with the aim of defining new best practices for the 0day market.
This process-centric approach ensures a faster time-to-market for sellers and higher quality products for customers, since all assets are delivered with the Crowdfense stamp of approval and are fully tested, document and vetted in advance.
The VRP is committed to becoming a standardized, user friendly tool for vulnerability researchers and brokers who want to speed up and simplify the process for evaluating and trading 0day capabilities within a highly confidential, legal and financially lucrative platform.
Crowdfense evaluates, tests and improves state-of-the-art active cyber-defense capabilities from the most talented Researchers in the world and offers them to a carefully selected group of global institutional Customers.