SecuriTeam Secure Disclosure

Turn Your Vulnerabilities into Advantages

SecuriTeam Secure Disclosure (SSD) provides the support you need to turn your experience uncovering security vulnerabilities into a highly paid career. SSD was designed by researchers for researchers and will give you the fast response and great support you need to make top dollar for your discoveries.

SSD helps security researchers from all over the world to take the next step toward getting properly compensated for their efforts. We work with some of the brightest and most highly compensated people in the security industry and can help you advance your game - regardless of whether you are a beginner or have been discovering security issues for years.

The process is simple; send us a brief description of a vulnerability you have discovered and Securiteam Secure Disclosure will act as your agent. With just a sentence or two description from you, we'll use our extensive contacts with vulnerability buyers to secure a list of potential purchasers. You then set a price for your vulnerability and we'll help negotiate a sale. SSD also ensures that the transaction is confidential or that you get full recognition, it's up to you.

Your work is valuable and SSD will help you get the compensation you deserve.

For more information, contact ssd[at]beyondsecurity.com

Securiteam Secure Disclosure News:

Hack in Paris
Congratulations to our Hack in Paris ticket winners, hope you will enjoy the events. All those that got the tickets should have received an email from me with the details. If you believe I have missed you and you should have received an email, please contact me ASAP.

More conferences
We are getting ready for the summer conference season and so far we are looking to give away tickets to:

• EkoParty (Argentina)
• PoC (Korea)

We are currently looking into sponsoring events from all over the world, got any suggestions? let me know.

PoC (Korea)
If you had a chance to attend last year's PoC you will know how committed we are to this event. This year we have decided to take it one step further, we will be doing an exploit / vulnerability contest with cash prizes which will make your effort to attend and prove yourself worthwhile. More details will be provided as we get closer to the event.

CoreLan Training
Congratulations to our researchers that won an entry to the upcoming CoreLan training course, one of them will be attending the HiP training event. I am eagerly waiting to hear about it. We will be looking to giving out similar prizes to our researchers. So please let me know if you have suggestions on similar courses/training we should consider.

Bounty Hunt
Thank you all for sending in your Mozilla Firefox submissions. The bounty still stands, so please go ahead and keep submitting if you have anything interesting. See below the description and details:

Mozilla Firefox bounty
Firefox vulnerabilities:

We are looking for the following issues under Windows 7:

• Remote Code Execution
• Information Disclosure

The vulnerabilities may be found in any part of the Firefox project, including:

• Core engine
• JS engine
• Objects related engines (MathML, SVG, etc.)
• Third party modules (sqlite3, libimg, etc.)
• Anything that is compiled into Firefox by default!

Researcher Compensation Plan
A reminder that we are now offering a "committed researcher plan", where you get a growing bonus on the 2nd vulnerability, 3rd vulnerability, and so on. If you have sold more than one vulnerability to us since 2013, you are entitled to receive a bonus payment for your efforts.

As usual, contact me for more details about any of the above.

Thanks,

Noam Rathaus