Zeronix - FAQ

Home
FAQ

FAQ

Frequently Asked Questions

Zeronix pays PRECIOUS rewards for high-risk vulnerabilities with fully functional/reliable exploits.

Furthermore, we have established a Code of Business Ethics, hold ourselves to its principles and standards, and go to great length to highly value and reward the integrity and the findings of contributing security researchers.

Zeronix customers are high-performance organizations, both in the government and industry sectors, who demand tailored cybersecurity capabilities, actionable vulnerability information, and risk mitigation strategies to reach confidence in today’s interconnected operational environment and mitigate the risks faced by their stakeholders.

We welcome any company or individual researcher to participate in the Zeronix program except those from United Nations sanction list. Please contact us to discuss your specific situation.

Yes. You can receive a pre-offer for your research without disclosing it. Simply submit minimal technical details without submitting the exploit itself and without disclosing full details of the bug(s). Zeronix will evaluate the minimal details and send you a pre-offer if the research meets our requirements. The offer will be confirmed after we review and approve the full research.

Our submission process is simple and straightforward.Visit our submit page for more information.

All research and exploits must be sent to Zeronix using PGP encrypted emails. Submissions can be in any format as long as all the supplied files and/or messages are PGP encrypted. All submissions must include: a fully functional exploit with source code (if any), a technical analysis including a description of the root cause of the bug(s) and exploitation method(s), required configuration and limitations, and any other information necessary to evaluate your submission.

You can install and use PGP on Windows, Mac, and Linux.

On occasion, we may receive information from multiple researchers regarding the same vulnerability in the same vendor product. If this occurs, the first researcher who provides information that can be verified by Zeronix team will be compensated, if they accept our offer. Subsequent researchers submitting the same vulnerability will not.

Zeronix acquires vulnerability research and exploits affecting recent operating systems, software, and devices. Please check the Rewards section for a list of eligible products.

We interested in high-risk vulnerabilities accompanied by a fully functional and reliable exploit codes that will lead to arbitrary code execution, privilege escalation, sandbox escape and leakage of sensitive information. Please check the Rewards section for a list of eligible exploits.

Factors are related to both the demand for the given exploit and its technical attributes. When evaluating a submission, Zeronix will assess the following factors, in no particular order: reliability, type of vulnerability, affected products and versions, impact, side-effects, exploitation pre-conditions, required attack vectors, presence and robustness of bypassed mitigation mechanisms.

After reviewing and approving the research, Zeronix will send you the final acquisition offer and the agreement by email.

By signing the agreement, you accept the exclusive sale of your research to Zeronix and full transfer of all related intellectual property rights to us, meaning that the research becomes the exclusive property of Zeronix and you are not allowed to re-sell, share, publish, or report the research to any other person or entity at any time.

Zeronix usually pays researchers using cryptocurrencies including Bitcoin, Monero and Zcash.

Please check the Rewards section for a list of Zeronix payouts.

Zeronix takes the privacy of researchers very seriously and does not disclose, to any third party (including to customers), any personal information about researchers such as names, aliases, email addresses, bank details, or any other personal or confidential information.

Zeronix even restricts internal access to your personal data on a need-to-know basis and uses your personal information for the sole purpose of processing payments.