White hat hackers
Do you accept exploit submissions?
We only accept submissions from reputable companies with a public track record of responsible issue reporting, or well known, public individuals. The bar is high here - just a website with a few testimonials won't do.
Sadly, we don't have a solid policy about what constitutes an issue, but in general, please don't expect a payout.
We do not, under any circumstances, accept submissions from anonymous sources, random individuals, generic gmail addresses etc. The reason for this is complicated, and we have noticed that opening up communication with non-verified sources can put us at risk.
In the past, there was a user that submitted a reasonably high priority issue that affected our helpdesk only. We paid him a little bit and he was grateful. He also confirmed he deleted any data he may have obtained. Some years afterwards, he attempted to blackmail us saying he would release information and it would be "the end of our business". We knew he had nothing of interest to share due to the exploit, but this has affected who we deal with. As such, we simply ignore emails unless they come from reputable and verifiable sources.