Crowdfense, a premiere vulnerability research channel based in Dubai, has just announced that it will be launching a web-based Vulnerability Research Platform (VRP) to facilitate vulnerability sharing, researching, and the selling of single zero-day exploits as well as exploit chains. This entails that Crowdfense purchase such exploits from researchers or submitting users and sell it onto research institutions and other bodies such as government intelligence to facilitate their interests in the study of known vulnerabilities.
Crowdfense has announced that its Vulnerability Research Platform version 1.0 will be going live on the 3rd of September. The platform will have account and key management for users. It will also thoroughly outline clear cut ways of submitting security vulnerabilities as well as a multitude of links to guide users in terms of pricing, follow up, evaluation, and classification. The company plays its part in ensuring fair trade and the quality of the resources channeled back and forth using its platform.
Through the VRP, Crowdfense experts work in real time with researchers to evaluate, test, document and refine their findings. The findings can be both within the scope of Crowdfense public Bug Bounty Program or freely proposed by researchers (for a specific set of key targets). Andrea Zapparoli Manzoni, Director of Crowdfense
The platform has been designed in a very particular fashion to ensure that both the interests of submitting users and customers are served in the 0day market. Crowdfense’s VRP is fundamentally based on a zero-trust model. There is enhanced operations security for users on either ends of the trading spectrum, and the channel is secured with end to end encryption as well. Several beta versions of the platform were tested over months to ensure that the most safe and attractive platform is released by the company.
Crowdfense promises quality assurance with its thorough validation process of exploits, featuring a quick trade time as the company has already verified and tested uploads beforehand. The company aims to maintain consistent quality, support, and efficiency to emerge as the single, most capable vulnerability database for researchers that is set to be made into the standard.