Crowdfense officially launches Vulnerability Research Hub
Trading platform for zero-day vulnerabilities now out of beta, open for business
UAE bug bounty company Crowdfense has officially launched its Vulnerability Research Hub.
The hub, which will allow bug researchers and brokers to share and trade zero-day vulnerabilities, has now been shifted from beta mode after being internally developed and fine-tuned for several months.
Crowdfense is now opening the process-oriented platform to a wider audience of researchers and brokers interested in trading zero day cyber capabilities, which can be both within the scope of Crowdfense public Bug Bounty Program or freely proposed, for a specific set of key targets.
"This is our next step in standardizing and supporting the development of what has now become a strategic industry," said Andrea Zapparoli Manzoni, Director of Crowdfense. "This is not a ‘dark market' anymore. Our platform helps the best researchers in the world to professionally and securely submit, discuss, test, contract and receive enticing payments for their zero-day findings, in an ordered and secure way. Early testers have been extremely satisfied by the unique partnership, testing and payment opportunities we provide."
The platform allows researchers to submit zero-day capabilities which are then reviewed together with the Crowdfense team. Once a submission is substantiated, Crowdfense works with the researcher to contract for final deliverable, test the code and award the bounty.
This process-centric approach ensures a faster time-to-market for sellers and higher quality products for customers, since all assets are delivered with the Crowdfense stamp of approval and are fully tested, documented and vetted in advance.
Technically, the platform is organized into a streamlined set of workflows, with maximum OpSec for all participants. It is based on a zero-trust model and offers a reduced attack surface, anonymity (if desired), full E2E encryption and several other advanced security features, both client and server side.
The VRH 1.0 features include account and keys management and step-by-step workflows for the submission, technical evaluation and discussion of vulnerabilities, contracting and pricing definition, follow-up and maintenance of zero-day capabilities over time.
The Vulnerability Research Hub launch comes just five months after Crowdfense announced its $10 Million Public Bug Bounty program, which is the largest in the world. The Bug Bounty Program has received a substantial number of responses and the company has paid out over $5 million in a short time.
According to its mission, Crowdfense is only interested in evaluating exploits that allow government agencies to lawfully find and extract information from specific targets and is not purchasing zero-days which can be deployed to disrupt or damage critical systems. This applies equally to the Bug Bounty Program and the VRH.