Zerocopter is an invite-only and closed security platform for talented security researchers. Do you like to hunt for vulnerabilities in your own time? Do you want to work and interact with well-known clients’ websites and their products? Do you have the right bug hunting skills as well as the skills to report issues in a structured way? Then you are the researcher we want!
As a Zerocopter Researcher, you’ll be hacking amongst the best in the world, and your skills will be put to the test. You will hunt for vulnerabilities in Researcher Programs for Zerocopter’s clients. You will report your findings and will be able to directly communicate about them with the triage team and our clients. How do you become a Zerocopter Researcher?Find out here
When you report a vulnerability you will know upfront what the reward will be.
Communicate with the triage team and our clients directly in a report.
You will be part of a carefully selected group of security researchers.
Unfortunately, the option to apply as a researcher at Zerocopter is currently closed due to a high number of applications. We’ll let you know in due time through our social media and our website when we open the possibility to apply. Do you want to be among the first to receive a notification when that moment comes? Leave your name and email address and we’ll send you a message.
Apply as a researcher via our application form (currently closed).
We will review individual applications for skills, track record, online reputation and ability to report issues in a structured way.
You will be invited for a trial period and will be asked to do ID verification.
In the trial period, you must deliver significant value to our Researcher Programs. When irregularities occur we are authorized to exclude a researcher from the community.
Start working on researcher programs.
After going through the Zerocopter vetting process you will be given access to the Zerocopter platform. To start hacking for our customers you will need to be invited to researcher programs. Researcher programs are not accessible for all the researchers and Zerocopter invites the researchers who match with the researcher programs since our customers can also determine a budget and duration of the researcher program is also considered in the number of invites we sent out.
We also provide a managed Coordinated Vulnerability Disclosure service to our customers. Everyone can report a vulnerability and Zerocopter will review and triage every submission so our customers can focus on fixing the problems. Submitting a report is done via the Coordinated Vulnerability Disclosure policy on the website of our customer and can be done with an account to follow the progress of the report or anonymously.
We ask you to submit a report via our platform and choose a category for the vulnerability, fill in the URL of the found vulnerability and provide a description of the vulnerability, steps on how to reproduce the vulnerability and a possible solution. This will make it easier for triage to validate your report and easier for our customers to understand your report. Triage validates every report and will ask you questions when something is not clear. After validation, your report will be sent to the customer.
Zerocopter is a closed platform. This means we don’t have public lists with our customers that use our CVD or researcher program services. We also don’t have a public list with the researchers in our platform and we don’t have a ranking.
You are not allowed to share information about vulnerabilities. If you want to publish your findings you need to obtain written approval from the program owner first.
Payments are done after a report gets the status “resolved”. Payments are distributed via bank, PayPal and Bitcoin. To receive payments, make sure that you have a working PayPal account or Bitcoin address. Unfortunately, some payment providers charge a fee for receiving money.
Leave your name and email address here and be amongst the first to receive an update when we need researchers to join us.