Common questions from researchers, boutique teams, and qualified counterparties evaluating our zero-day acquisition process.
01
Clear scope
02
Confidential handling
03
Structured valuation
QUICK SUMMARY
We prioritize high-impact vulnerabilities affecting widely deployed platforms such as iOS, Android, Windows, macOS, Linux, major browsers, secure messaging applications, enterprise software, and strategically relevant network devices. The strongest submissions usually demonstrate clear exploitation value, meaningful target coverage, and a realistic path to operational use.
No. Fully developed chains are highly valuable, but we may also review strong single bugs, privilege escalations, sandbox escapes, or partial chains when the technical quality is clear. Final pricing depends on maturity, reliability, exploitability, exclusivity, and the amount of work required after intake.
The best first step is a concise summary covering target, vulnerability class, affected versions, exploit status, and your expected price range. That lets us determine fit before requesting deeper materials. If the research aligns with active priorities, we continue through secure communications and structured validation.
Useful submissions usually include a technical write-up, reproduction guidance, reliability notes, affected build information, required prerequisites, mitigation bypass details, and available proof-of-concept material. Clear documentation shortens triage time and helps us reach a commercial decision faster.
Valuation is based on impact, reliability, exploit maturity, target relevance, exclusivity, deployment scale, and the amount of engineering needed to operationalize the work. We do not treat every vulnerability in the same way; a stable, high-value chain on a strategic target will be assessed differently from an early-stage single bug.
Yes. We understand that many researchers prefer to minimize identity exposure. Our process is designed to support discreet communications, secure transfer of materials, and limited disclosure on a need-to-know basis throughout evaluation and commercial handling. However, in the case of fully anonymous submissions, providing a credible reference is important to help establish a reliable chain of trust.
Exclusivity materially affects value and review priority. If the research has already been broadly shared, sold, or disclosed, that does not automatically end the conversation, but it changes both the risk profile and the commercial terms. Being upfront about prior exposure helps avoid delays later.
Initial fit checks can happen quickly when the intake summary is clear. Full technical review depends on complexity, documentation quality, and our current queue. Mature submissions with reproducible material move faster than vague or incomplete reports.
Payment terms depend on the type of research, validation outcome, and transaction structure. Once a submission clears review and commercial terms are agreed, payment is coordinated through secure channels with attention to confidentiality, timing, and mutually accepted transfer methods.
Promising partial work may still be considered, especially when it demonstrates rare access, a strong primitive, or a strategically valuable starting point. In those cases, valuation reflects both what is already proven and what additional engineering or verification is still required.
> READY_TO_START
If your work fits our scope, we can move into technical review and commercial discussion through the contact channel.