Quick
handling
When a vulnerability is found, it needs to get into the right hands quickly. We offer a fast and straightforward approach to disclosing your research and the quickest submission process out there.
Generous
rewards
We believe researchers' efforts should be compensated with the highest payouts. If a vendor doesn’t accept disclosures, we will still be interested in acquiring the vulnerability and reporting it.
Done
discreetly
Many of our researchers utilize our maximum privacy protection and choose to stay anonymous when submitting their findings. We take the privacy of our researchers very seriously and will never disclose any information to third parties (Customers included).
SSD provides the knowledge, experience and tools needed to find and disclose vulnerabilities and advanced attack vectors.
What We Do
01
Submit
The researcher sends us a brief description of the vulnerability for review
02
Signs
the researcher submits the full discovery details and exploits. our team tests and verifies the findings.
03
validate
SSD signs a detailed contract – focused on protecting your research.
04
get paid
the researcher gets the full payout within a week
05
publish
the vulnerability is disclosed and published. Full credit is given to the researcher.
Our targets of interest include a vast scale of software and hardware and is being updated constantly. We are always on the lookout for:
web
browsers
Chrome (RCE or SBX)
Safari
Firefox (RCE)
UNISOC T612 RCE
Summary UNISOC (Shanghai) Technologies Co., Ltd. is a top-three global fabless semiconductor company headquartered in Shanghai, specializing in 2G/3G/4G/5G mobile communication, IoT, and smart device chipsets. Formerly Spreadtrum, it serves major brands like Honor, realme,
Chrome GPU Sandbox Escape via Qualcomm Adreno and ARM Mali GPU Drivers
Summary Google’s Threat Analysis Group (TAG) recently discovered two critical vulnerabilities in Android GPU drivers being actively exploited in the wild. Both bugs enable Chrome sandbox escape when exploited from a compromised renderer. Clément Lecigne
Joomla! Novarain/Tassos Framework Vulnerabilities
Summary Source code review of the Novarain/Tassos Framework revealed three critical primitives – unauthenticated file read, unauthenticated file deletion, and SQL injection leading to arbitrary database read – across five widely deployed Joomla! extensions (Convert
