Effectively manage security developments with our platform

Our platform brings quality researchers within your reach, so you don’t have to hire security-experts on a full-time basis who are not available anyway.

Learn more

What our platform brings to you

In the world of online security, we notice a lot of doubt when it comes to working with hackers.

Although the term ‘ethical hacking’ is gaining ground, there’s still much uncertainty that needs to be erased before the majority of companies are willing to work with hackers. Right now, online security has become a Wild West for companies. Trying to get control of risk levels by assigning security teams, hiring security companies at scheduled intervals and licensing multiple expensive solutions, but eventually, ending up with a security flow that is not insightful and with reports scattered all over the place.

What our platform brings to you
Implement smart technology

Implement smart technology

Our platform brings you to the forefront of security technology

Work with the right people

Work with the right people

Who understand and work for your objectives

Control your projects

Control your projects

By communicating directly with researchers about reports

And above all, align all these processes towards one goal!

And above all, align all these processes towards one goal

Just get an account, log in and choose a project. Next, see how Zerocopter researchers from all over the world get to work and deliver well-written, validated reports in your dashboard. We offer you the possibility to start a conversation in a thread with both the researcher and triage team member involved.

  • Start a project after logging in on our platform
  • Receive well-written reports that are validated by our triage team
  • Communicate directly with Zerocopter Researchers
  • Manage security development effectively

Want to know everything about Zerocopter?

Download our brochure
Want to know everything about Zerocopter?
Create a project

How our platform works

Step 1

Create a project

After receiving an invite to the platform, you can log in and create a project. Your project can be a Researcher Program, a Coordinated Vulnerability Disclosure, Automated Scanning or for those with a specific project, Dedicated Hacker Time.

Communicate with researchers directly

How our platform works

Step 2

Communicate with researchers directly

You decide which parts of your application are tested by our automated scanners and researched by our team of ethical hackers. You have complete control over the do’s and don’ts that apply to the way vulnerabilities are unearthed and the allowed and disallowed technical methods.

Receive constructive reports

How our platform works

Step 3

Receive constructive reports

Well-written and evidence-based reports will, after being checked by our experienced Triage Team, pop up in your platform dashboard. Constructive reports by constructive hackers.

Solve vulnerabilities

How our platform works

Step 4

Solve vulnerabilities

After receiving a report with a vulnerability, you can take the required measures to ensure this vulnerability is solved. After, you can ask the involved researcher for a retest in which the researcher will assess if the updated safety measure is adequate and well implemented. Is the vulnerability is resolved, the researcher is paid.

Automated Scanning
Coordinated Vulnerability Disclosure (CVD)
Researcher Programs
Dedicated Hacker Time
Automated Scanning

Schedule automated scans of your website to reveal hundreds of potential security issues

Use automated scanners to regularly check your website for SQL injections, cross-site scripting vulnerabilities (XSS), missing security patches, and hundreds of other potential security issues lurking in your app.

Choose your scope by simply adding URLs you wish to scan and schedule the scanner. Scanner reports are scored by severity, parsed into a readable format and immediately made visible on your dashboard.

Zerocopters scanners are updated daily to scan for the latest vulnerabilities.

Coordinated Responsible Disclosure (CVD)

Include the Coordinated Vulnerability Disclosure policy in your applications to enable users and ethical hackers to report vulnerabilities.

Just like researcher reports, reports originating from the Coordinated Vulnerability Disclosure workflow are also reviewed by our triage team of security experts. The check by our triage team means you receive accurate reports about real vulnerabilities only.

You can choose to pay rewards to individuals who report a valid vulnerability via the Coordinated Vulnerability Disclosure program, or you can pay rewards to research program participants only.

Researcher Programs

Leverage the skills of your team of elite ethical hackers to search for unknown vulnerabilities in your applications.

Many companies are unable to hire, train and retain a team of world-class security experts, with each team member having a unique set of security skills. Zerocopter gives you access to the world's best ethical hackers, whether you need 10, 50 or more researchers on your project.

Researchers are awarded on a no-cure-no-pay basis, per approved vulnerability report. By doing this, we offer you a cost-effective way to tap into the knowledge of experts without having to employ dozens of security engineers.

Dedicated Hacker Time

Enlist your special team of researchers to research your unique project for a fixed price

In need of a security check done by quality researchers? Want to steer the focus of the research? With our 10.4 - Dedicated Hacker Time, we enable you to start a program for your specific needs in one work day! Want to learn more?

Read all about our Dedicated Hacker Time

Zerocopter Budget

Zerocopter Budget

Researcher Program Guidelines

Upon launching your Researcher Program, you have to define a maximum budget for rewards. Researchers will see how much you are willing to spend on your Researcher Program. Zerocopter can help you choose an appropriate budget based on your applications and program scope.

This budget has no relation to your monthly subscription fee. You will receive a separate invoice once per month for payments made by us towards researchers who have found vulnerabilities.

View the rewards

Frequently Asked Questions

Here you’ll find the questions other clients ask us the most.

Can I give a CVD reporter a bounty?
+

A Coordinated Vulnerability Disclosure report has a reward amount of 0 euros by default, but we offer the possibility to assign a bonus to a Coordinated Vulnerability Disclosure report. A bonus bounty is always optional and totally up to the customer.

What does the triage team do?
+

Our triage team assesses all submitted reports for validity and completeness. Only complete and validated reports are accepted and forwarded to the customer.

What is the difference between bug bounty (researcher program) and penetration testing?
+

Bug bounties are compared often to traditional application security assessment methods such as penetration testing. The volume of testers involved and the differing reward models can be defined as the most significant differences between the two. Bug bounties involve a more substantial amount of diverse researchers with all different skills and experience, as opposed to a select few penetration testers. In bug bounties, your pay per vulnerability and the height of the bounty depends on the severity of the vulnerability rather than for effort.

What is the difference between a known vulnerability and an unknown vulnerability?
+

Known vulnerabilities are known to the public because they are published on the internet or when it has a CVE ID. These vulnerabilities are also added to vulnerability scanners so they can be easily detected. A vulnerability scan could be thought of as a surface-level security assessment since it only detects known vulnerabilities. A vulnerability scan cannot spot logic issues. A hacker might be able to intercept traffic and change data in transit, for example. A vulnerability scanner might not deem information disclosure as an issue. Furthermore, this type of assessment may not see images stored on the network without protection or encryption as being anything to be concerned about. However, if these images happen to be of peoples’ ID or credit cards, then that is a severe problem. A researcher can spot this and uncover the unknown vulnerabilities.

Where do the researchers come from?
+

Our community of researchers are from all over the world besides countries that are on the U.S. sanctions list.

How do you screen researchers?
+

For our researcher programs we work with a carefully selected group of security researchers worldwide. We check personal information through an ID verification, review the researchers track record through an internet background check and assess their skills. The selection of Zerocopter Researchers is done by the Zerocopter team. When irregularities occur we are authorized to exclude a researcher from the community.

What is a researcher program?
+

With a researcher program we offer the possibility to have a selected group of the best ethical hackers search for unknown vulnerabilities on your website. All researchers in our platform are screened and tested, so we can be sure we only work with the best and the most reliable researchers in the world. All reported issues are reviewed and validated by the Zerocopter’s Triage Team before publishing it to the dashboard. The researchers will be rewarded on a no-cure-no-pay basis, per approved vulnerability.

What is Coordinated Vulnerability Disclosure (CVD)?
+

In a Coordinated Vulnerability Disclosure (CVD) policy you ask when someone discovers a vulnerability in your online environment to report it as soon as possible so you can address it quickly. This policy is visible to all of your users by for example mentioning it on your homepage. Vulnerabilities discovered by users are compiled by Zerocopter and reported to you in an easy to understand overview of the problem. The reports are presented in your own dashboard, you and your team will receive an email when a report has been added or edited.

What does the scanner do?
+

The scanner finds known vulnerabilities in your site. Our scanner is a combination of the best vulnerabilities scanners available on the market. For example, OpenVAS is implemented in our scanner and we are working to implement more scanners for every aspect of your organisation.

How much do you reward per vulnerability?
+

Zerocopter uses minimal bounties to reward our Researchers for finding unknown vulnerabilities. Rewards for researcher programs are determined by the severity of the report. Each severity has a minimum reward. We subtract the average reward amount from your researcher program budget per validated vulnerability, once you set the actual reward this amount will be subtracted from the researcher program budget. The amounts are the rewards paid to the researcher and do not include a 30% handling fee. You can find the Vulnerability Price List via https://www.zerocopter.com/vulnerability-price-list

In short our platform works like this:

  • Get an invite, log in and you are ready to go
  • Start up to 25 projects depending on the plan you decided on
  • Match with the best ethical researchers available
  • Communicate directly with Zerocopter Researchers with our easy to use Dashboard
  • Choose the best service we offer out of our toolset
  • Receive usable and validated reports, turned into actionable tasks

Want the longer version?

Download brochure
Zerocopter logo
Login
Contact
For companies
How we work
Platform
Dedicated Hacker Time
Pricing
Zerocopter for
CEO
CISO
CFO
CTO
Researchers
About Zerocopter
About us
Events
Blogs
Client Cases
Careers
Download brochure
Maturity scan
Online Demo
Cyber Attack Survival Guide
Bug Bounty Game
Terms & Conditions
Privacy
Cookies
Coordinated Vulnerability Disclosure
© Zerocopter B.V.