Exodus announces new acquisition program for both Zero-Day and N-Day vulnerabilities

threat intelligenceExodus Intelligence has unveiled the new Research Sponsorship Program (RSP), focused on acquiring vulnerability research and exploits from the global cybersecurity research community. While continuing to acquire Zero-Day research, the RSP is the first widely available acquisition program to offer bounties for exploits that exercise N-Day vulnerabilities.

Exodus is also excited to be rolling out a new bonus structure for the acquisition of research that leads to Zero-Day vulnerabilities. For each new Zero-Day acquired, Exodus will offer the researcher an initial payment, received after the request is reviewed and accepted. Once accepted, the researcher could receive payments every quarter the Zero-Day exploit is still alive. The specific values of the initial payment and quarterly bonus will be included in an offer presented to the researcher, following the review of their work. Additionally, Exodus also offers payment in the form of Bitcoin for Zero-Day research.

Through the new RSP website, registered users will be able to view the Zero-Day and N-Day hitlists, representing the available bounties for each vulnerability type. The initial Zero-Day hitlist includes maximum bounties of US$500,000 for Apple iOS exploits and US$125,000 for Microsoft Edge exploits. Using the website, researchers will also be able to submit new research or exploits, and monitor the status of each submission.

Here are the details of the new Research Sponsorship Program (RSP):

Zero-Day Research:

  • The Zero-Day hitlist is published for registered users via the RSP website. If your research area is not on this list, please contact us for consideration.
  • Submissions are accepted through the RSP website. Response is typically received within 10 business days.
  • Researcher will receive public acknowledgement, if desired.
  • In addition to standard payment methods, we offer the ability for the researcher to receive periodic payment based on the shelf-life of the Zero-Day exploit.
  • Larger payments are offered based upon the completeness of the research. For example, research including valid exploits will receive the highest level of payment.
  • Payment forms include check, wire transfer, Western Union and Bitcoin.

N-Day Research:

  • The N-Day hitlist provides a prioritized list of vulnerabilities, typically CVEs, for which Exodus is purchasing exploits.
  • Only fully functional exploits will be considered and purchased.
  • Submissions are accepted through the RSP website and response is typically received within 10 business days.
  • Payment forms include check, wire transfer and Western Union.

“Through the launch of the RSP, Exodus is excited to be engaging the global research community in our mission to provide the highest quality of vulnerability intelligence in the industry. This additional source of research, supplemented by the investigation and validation of our world-class team, will continue to ensure that our clients receive early notification of the most critical vulnerabilities so that they can offer the best defense possible.”  – Logan Brown, President, Exodus Intelligence

Contact us via the RSP website to learn more about the program and submit you work. Alternatively, you may contact Exodus at http://www.exodusintel.com or info@exodusintel.com for subscription information and/or press inquiries.

About Exodus Intelligence

Exodus Intelligence provides clients with actionable information, capabilities, and context for proven exploitable vulnerabilities. Our world class team of vulnerability researchers discover hundreds of exclusive Zero-Day vulnerabilities, providing our clients with this knowledge before the adversaries find them. Our research also extends into the world on N-Day research, where we select critical N-Day vulnerabilities and complete research to prove whether these vulnerabilities are truly exploitable in the wild. For more information, visit www.exodusintel.com.