Zerodium

Zerodium is an American information security company founded in 2015 with operations in Washington, D.C., and Europe. Its main business is developing and acquiring premium zero-day exploits from security researchers and reporting the research, along with protective measures and security recommendations, to its government clients as part of the ZERODIUM Zero Day Research Feed. The company reportedly has more than 1,500 researchers and paid more than $50,000,000 in bounties between 2015 and 2021.


History

Launched on July 25, 2015, by the founders of Vupen, a French information security company, Zerodium was the first company to release a full pricing chart for zero-days, ranging from $5,000 to $1,500,000 per exploit. The company was reported to have spent between $400,000 and $600,000 per month on vulnerability acquisitions in 2015. In 2016, the company increased its permanent bug bounty for iOS exploits to $1,500,000. In 2017, Zerodium published a new pricing chart exclusively for mobile zero-days, ranging from $10,000 to $500,000 per exploit. The company also announced a time-limited bounty of $1,000,000 for Tor browser exploits. In 2018, the company added new products to its bounty program, including cPanel, Webmin, Plesk, DirectAdmin, ISPConfig, OpenBSD, FreeBSD, and NetBSD. It also increased its payouts for various software, including a bounty of up to $500,000 for Windows remote code execution exploits. In January 2019, Zerodium once again increased its bounties for almost every product, including a payout of $2,000,000 for remote iOS jailbreaks; $1,000,000 for WhatsApp, iMessage, SMS, and MMS RCEs; and $500,000 for Chrome exploits. In September 2019, Zerodium increased its bounty for Android exploits to $2,500,000, and for the first time the company is paying more for Android exploits than for iOS. Payouts for WhatsApp and iMessage have also been increased. The company is reportedly spending between $1,000,000 and $3,000,000 each month on vulnerability acquisitions. Its official website revealed that Zerodium has more than 1,500 researchers as of June 2021 and has launched, in addition to its permanent bounties, a time-limited bug bounty program that aims to acquire other zero-day exploits that are not within Zerodium's usual scope or for which the company is temporarily increasing the payouts.


Criticism

Reporters Without Borders criticized Zerodium for selling to foreign governments information on exploits used to spy on journalists.


See also

* Market for zero-day exploits

