Securiteam Secure Disclosure (SSD) is a vulnerability disclosure program established in 2007 by Beyond Security.
Products we are interested in:
How much can I earn from working with you?
The amount paid to you depends on 2 different variables:
What if I want to stay anonymous?
Fine by us! A lot of our researchers choose to stay anonymous!
What is your policy regarding privacy and confidentiality of researcher's information?
We take the privacy of researchers very seriously and do not disclose to any third party (including customers) any personal information about researchers, such as names, aliases, email addresses, bank details, or any other personal or confidential information.
Which payment methods are available?
We support various payment methods: wire transfer, PayPal (up to $2000), Bitcoin, gift cards, etc.
How do I submit my research?
Send us an email to email@example.com - that's easy!
What is the SSD community? How do I join?
We strongly believe in community. That's why we established a closed community where we sponsor flights / accommodation / conference entry / software licenses / hardware / workshops / courses etc. for our researchers. You can join the community by starting to work with us! Report your vulnerabilities to us and be part of our community!
As part of our vulnerability disclosure program we established a closed community in which we invest a lot of resources to support the researchers who work with us. We believe in long-term investment: if we provide the tools, education and knowledge to our researchers, they will find more vulnerabilities / advanced attack vectors and innovative ways to exploit them.
We sponsor researchers' workshops / courses / software licenses / hardware / conferences: flights, entry tickets, accommodation and more!
We are always looking for new researchers to be part of our community. That's why we are promoting our "Referring a friend program". We offer $4000 to a researcher who refers us to a new security researcher that starts to work with us.
As part of our support for the international community we sponsor security conferences around the world, from Black Hat USA to community conferences such as DefCamp Romania. We publish the technical information about the vulnerabilities on our blog (blogs.securiteam.com), on Twitter (@SecuriTeam_SSD) and in vendor advisories. We are also proud to give lectures and run hacking competitions at international security conferences.
1) Vulnerability Title
2) Date of submission
3) Description of Product (from vendor/site)
4) Description of Vulnerability
4.5) Binary Affected
4.6) Binary Version
4.7) Binary MD5
5) Configuration Requirements
6) Vulnerability Requirements
7) Vulnerability Summary Information
7.1) Vulnerability Class
7.2) Affected Versions Tested
7.3) Affected Versions Assumed (explain assumption)
7.4) Unaffected Versions
7.5) Affected Platforms Tested (Windows, Linux, 32bit, 64bit, XP, Vista, 7, Ubuntu, etc)
7.6) Reliability Rating (Percentage)
7.7) Supported Targets (In what environment your PoC/exploit works 32bit/64bit, Windows, Linux, etc)
7.8) Attack Vector (Client Side File, Remote LAN, etc)
7.9) Exploitation Impact (Code Execution, Denial of Service, etc)
7.10) Exploitation Context (runs on Server / attacks User)
7.11) Exploitation Indicators (crash of product, product closes and shell executes, log file indicates crash, etc)
7.11.1) In case of just a "crash", how to debug and see the crash
7.11.2) In case of an exploit, how to change the shellcode
7.12) Prerequisites (enabling certain checkboxes, certain configuration settings)
8) CVSS Score (use http://nvd.nist.gov/cvss.cfm?calculator&version=2 )
9) Vulnerability Workaround (can the vulnerability be mitigated by enabling some feature)
10) Vulnerability Technical Details
12) Items delivered (a list of files provided with the submission, what they do and how to use them; if anything third-party is needed to compile the exploit, please provide a URL or a reference to it)