Our rewarding policy is simple. When you report a vulnerability you will know upfront what the reward will be. If it’s a valid (non-duplicate) vulnerability we directly fulfill the payment of your reward.
We believe that a concentrated group of researchers, able to discuss and collaborate on a program is the most productive way to work. That's why we work with private programs where an average of 10 researchers are invited.
Submitted reports are usually triaged in less than 24 hours, but it can take up to 72 hours in some cases. We manage to do triage efficiently due to the high cohesion between our internal triagists and internal and external researchers.
Learn and earn at the same time. We believe working together with other skilled researchers on real programs, with real rewards, is the best way to gain more knowledge and skills. As you improve, you'll automatically get invited for more programs.
We have an invite system in place that allows you to invite other researchers to Zerocopter.
Payments are distributed via bank, PayPal and Bitcoin. To receive payments, make sure that you have a working PayPal account or Bitcoin address.
You are not allowed to share information about vulnerabilities. If you want to publish about your findings you need to obtain written approval from the program owner first.
You will be part of a carefully selected group of security researchers. We check your personal information, verify your identity and review your track record.
Our support form is available on every page on our website and on our platform. We offer support Monday to Friday from 9:00 to 18:00 CET.
Unfortunately some payment providers charge a fee for receiving money.