Benefits | Zero Day Initiative

<!DOCTYPE html>   <html class="no-js">  <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> <title>Benefits | Zero Day Initiative</title> <meta name="description" content=""> <meta name="keywords" content=""> <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no"> <link rel="shortcut icon" type="image/x-icon" href="/images/favicon.png?v1"/>  <meta property="og:title" content=""/> <meta property="og:description" content=""/> <meta property="og:type" content="website"/> <meta property="og:url" content="https://zerodayinitiative.com"/> <meta property="og:image" content="https://zerodayinitiative.com/images/logo-footer.svg"/>  <meta property="twitter:card" content="summary" /> <meta property="twitter:site" content="@thezdi" /> <meta property="twitter:title" content="" /> <meta property="twitter:description" content="" /> <meta property="twitter:image" content="https://zerodayinitiative.com/images/twitter-card-img.png" /> <link href="https://fonts.googleapis.com/css?family=Titillium+Web:300,400,600,700" rel="stylesheet"> <link href="https://fonts.googleapis.com/icon?family=Material+Icons" rel="stylesheet"> <link rel="stylesheet" href="/css/main.css"> <script src="/js/modernizr-2.6.2-custom.js"></script> <meta name="google-site-verification" content="Fg7Cv9bbfjatWXeO3ZV5PHYiFFvOkmQ07rVzqm5zqGo" />  <script async src="https://www.googletagmanager.com/gtag/js?id=G-DBFMYZ5KK8"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-DBFMYZ5KK8'); </script> <script> (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r; i[r]=i[r]||function(){(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date(); a=s.createElement(o),m=s.getElementsByTagName(o)[0];a.async=1;a.src=g; m.parentNode.insertBefore(a,m)})(window,document,'script','https://www.google-analytics.com/analytics.js','ga'); ga('create', 'UA-93169700-1', 'auto'); ga('send', 'pageview'); </script> </head> <body class=""> <div id="nav" class="group"> <div id="navContent"> <div class="nav__container"> <div class="nav__header"> <div class="global-header__logo"> <a href="/"><img src="/images/logo.svg" alt="thezdi"/></a> </div> <div id="mobileNavIcon" class="js-mobile-nav-toggle">Menu</div> <div id="mobileOverlay"></div> </div> <nav class="nav__list" role="main-navigation"> <ul class="list-no-bullets"> <li class="nav__tier1"><a href="https://www.trendmicro.com/privacy">PRIVACY</a></li> <li class="nav__tier1"><a href="/about/">WHO WE ARE</a></li> <li class="nav__tier1"><a href="/about/benefits/">HOW IT WORKS</a></li> <li class="nav__tier1"><a href="/blog/">BLOG</a></li> <li class="nav__tier1"><a href="/advisories/">ADVISORIES</a></li> <li class="nav__tier1 userActions"> <a href="/portal/">LOG IN</a> <a href="/portal/register/">SIGN UP</a> </li><li> </li> </ul> </nav> </div> </div> </div>  <div class="off-canvas"> <nav class="off-canvas__list" role="main-navigation2"> <div class="js-mobile-nav-toggle">Menu</div> <ul class="topMenu"> <li class="nav__tier1"><a href="https://www.trendmicro.com/privacy/">PRIVACY</a></li> <li class="nav__tier1"><a href="/about/">WHO WE ARE</a></li> <li class="nav__tier1"><a href="/about/benefits/">HOW IT WORKS</a></li> <li class="nav__tier1"><a href="/blog/">BLOG</a></li> <li class="nav__tier1"><a href="/advisories/">ADVISORIES</a></li> <li class="nav__tier1"><a class="sign-in" href="/portal/">LOG IN</a></li> <li class="nav__tier1"><a class="sign-in" href="/portal/register/">SIGN UP</a></li> </ul> <ul class="bottomMenu"> <li class="nav__tier1 logo"><a href="/"><img src="/images/logo.svg" width="125" height="37" alt="thezdi"/></a></li> <li class="nav__tier1"><a href="https://www.trendmicro.com/">Trend Micro</a></li> </ul> </nav> </div>  <div id="imageMasthead" class="slim"> <div class="content"> <div class="oneCol"> <h1>Program Benefits</h1> </div> </div> </div> <div class="status-bar"> <div class="content"> <div class="oneCol"> </div> </div> </div> <section class="blueBg processBg"> <div class="section text"> <div class="contentBlock"> <p>We work hard to make participating in the ZDI program easy and rewarding for researchers.<br/> Plus, the program only gets more rewarding as your contributions increase.</p> <a href="/advisories/disclosure_policy/" class="btn pull-left readMore">VIEW DISCLOSURE POLICY</a> <div class="section text other-template" style="padding-bottom: 0px;"> <p>The amount we offer to a researcher for a particular vulnerability depends on the following criteria:</p> <ul> <li> <p>Is the affected product widely deployed?</p> </li> <li> <p>Can exploiting the flaw lead to a server or client compromise? At what privilege level?</p> </li> <li> <p>Is the flaw exposed in default configurations/installations?</p> </li> <li> <p>Are the affected products high value (e.g. databases, e-commerce servers, DNS, routers, firewalls)?</p> </li> <li> <p>Does the vulnerability require a social engineering component? (e.g. clicking a link, visiting a site, connecting to a server, etc.)</p> </li> </ul> <p>To determine the worth of a vulnerability, researchers should sign up for an account and submit it for a valuation. If an offer is not made or an offer is made but not accepted by the researcher, the vulnerability information will remain the property of the researcher and will not be used in the Zero Day Initiative (ZDI) program. We reserve the right to not make an offer to acquire a vulnerability for any or no reason. </p> <p>The success of the ZDI program depends on developing a mutual trust and loyalty over time with participating security researchers. To reward repeated patronage of the ZDI, we developed the following incentive programs. <br><br> </p> <p><strong>ZDI Referral Program</strong></p> <p>For each new researcher that is referred to the ZDI, the referrer is given 2,500 ZDI Rewards points (see below) after that referral's first vulnerability is acquired under the ZDI. </p> <p><strong>ZDI Rewards Program</strong></p> <p>As a member of the ZDI program, you earn points each time a vulnerability submission is purchased. Points are treated in a manner similar to airline frequent flyer miles - points accrue each year on a dollar-for-dollar basis based on the total amount paid for vulnerability submissions by the researcher during that calendar year. For instance, if the Zero Day Initiative buys your vulnerability for $5,000, then you receive 5,000 points for that submission. For all of this calendar year, if you receive 47,000 points, then for the next calendar year you will be considered to have ZDI Gold status. To maximize your submission, review the information provided by <a href="https://www.zerodayinitiative.com/blog/2017/9/5/getting-into-submitting-how-to-maximize-your-research">this blog</a>. It offers helpful tips to ensure you get the most from your submission. </p> <p>Each level offers exclusive awards and benefits, each of which last for the one calendar year period following the year in which the points were earned: </p> </div> <div class="timeline" style="margin: 50px auto;" data-anchor="process"> <h2>PROCESS</h2> <div class="trunk"> <div class="vLine"></div> <div class="branch left"> <div class="content"> <h5>DISCOVER</h5> <p>A researcher identifies a previously unpatched vulnerability. </p> </div> </div> <div class="branch right"> <div class="content"> <h5>SUBMIT</h5> <p>The vulnerability is submitted through our secure portal and a case ID is created.</p> </div> </div> <div class="branch left"> <div class="content"> <h5>VALIDATE</h5> <p>We verify the submission and e-mail an offer to the researcher.</p> </div> </div> <div class="branch right"> <div class="content"> <h5>REWARD</h5> <p>The researcher accepts the offer, and is paid promptly by check or wire transfer.</p> </div> </div> </div> <div class="branch center"> <h5>NOTIFY</h5> <p>We notify the affected vendor before sharing the research with other vendors and the public.</p> </div> </div> </div> </div> </section> <section data-anchor="researcher-rewards" class="blackBg halfFullImageContainer"> <div class="section"> <div class="contentBlock"> <div class="twoCols"> <div class="column"> <h2>RESEARCHER REWARDS</h2> <p>As an added perk for researchers, ZDI offers a Researcher Rewards Program which can substantially increase rewards and bonuses for researchers who are especially productive within the program. As a member of the program, you receive one point for every dollar you are paid for your submitted vulnerabilities.</p> <a href="/portal/" class="btn btn-primary rounded yellow">REGISTER NOW</a> </div> </div> </div> </div> <div class="halfFullImage research-rewards"></div> </section> <div class="blackBg program"> <div class="box bronze"> <h2>15,000 Points</h2> <p>BRONZE</p> <img src="/images/cup-bronze.svg" alt=""> <a class="learn-more">LEARN MORE</a> <div class="overlay"> <a class="hideOverlay"></a> <div> <ul> <li>One-time bonus of $2,000</li> <li>10% bonus on submissions</li> <li>10% point multiplier</li> </ul> </div> </div> </div> <div class="box silver"> <h2>25,000 Points</h2> <p>SILVER</p> <img src="/images/cup-silver.svg" alt=""> <a class="learn-more">LEARN MORE</a> <div class="overlay"> <a class="hideOverlay"></a> <div> <ul> <li>One-time bonus of $5,000</li> <li>15% bonus on submissions</li> <li>15% point multiplier</li> </ul> </div> </div> </div> <div class="box gold"> <h2>45,000 Points</h2> <p>GOLD</p> <img src="/images/cup-gold.svg" alt=""> <a class="learn-more">LEARN MORE</a> <div class="overlay"> <a class="hideOverlay"></a> <div> <ul> <li>One-time bonus of $10,000</li> <li>20% bonus on submissions</li> <li>25% point multiplier</li> </ul> </div> </div> </div> <div class="box platinium"> <h2>65,000 Points</h2> <p>PLATINUM</p> <img src="/images/cup-platinium.svg" alt=""> <a class="learn-more">LEARN MORE</a> <div class="overlay"> <a class="hideOverlay"></a> <div> <ul> <li>One-time bonus of $25,000</li> <li>25% bonus on submissions</li> <li>50% point multiplier</li> </ul> </div> </div> </div> </div> <div id="footer"> <div id="footerContact"> <div class="content"> <div class="footerContactBox"> <h3>General Inquiries</h3> <a href="mailto:zdi@trendmicro.com">zdi@trendmicro.com</a> </div> <div class="footerContactBox"> <h3>Find us on X</h3> <a href="https://twitter.com/thezdi">@thezdi</a> </div> <div class="footerContactBox"> <h3>Find us on Mastodon</h3> <a rel="me" href="https://infosec.exchange/@thezdi">Mastodon</a> </div> <div class="footerContactBox"> <h3>Media Inquiries</h3> <a href="mailto:media_relations@trendmicro.com">media_relations@trendmicro.com</a> </div> <div class="footerContactBox"> <h3>Sensitive Email Communications</h3> <a href="https://www.zerodayinitiative.com/documents/zdi-pgp-key.asc" target="_blank">PGP Key</a> </div> </div> </div> <div id="footerMenu"> <div id="footerMiddleSection" class="group"> <div id="footerLinks"> <div class="content"> <div class="footerLinkBox"> <a href="/about/" class="footerTitleLink">WHO WE ARE</a> <ul> <li><a href="/about/">Our Mission</a></li> <li><a href="https://www.trendmicro.com">Trend Micro</a></li> <li><a href="https://www.trendmicro.com/en_us/business/products/network/integrated-atp/next-gen-intrusion-prevention-system.html">TippingPoint IPS</a></li> </ul> </div> <div class="footerLinkBox"> <a href="/about/benefits/" class="footerTitleLink">HOW IT WORKS</a> <ul> <li><a href="/about/benefits/#process">Process</a></li> <li><a href="/about/benefits/#researcher-rewards">Researcher Rewards</a></li> <li><a href="/about/faq/">FAQS</a></li> <li><a href="https://www.trendmicro.com/privacy/">Privacy</a></li> </ul> </div> <div class="footerLinkBox"> <a href="/advisories" class="footerTitleLink">ADVISORIES</a> <ul> <li><a href="/advisories/published">Published Advisories</a></li> <li><a href="/advisories/upcoming">Upcoming Advisories</a></li> <li><a href="/rss">RSS Feeds</a></li> </ul> </div> <div class="footerLinkBox"> <a href="/blog" class="footerTitleLink">BLOG</a> </div> <div class="footerLogo"> <a href="/"><img src="/images/logo-footer.svg" alt="thezdi"/></a> </div> </div> </div> </div> </div> </div> <script>var baseURL = ""</script> <script src="/js/min/main.js"></script> </body> </html>

CINXE.COM

Benefits | Zero Day Initiative