Education

Talent Accelerator

SOC Analyst

Pen Testing Active Directory

Free Course: Intro to Security Research

For Companies

Hire from Zumaroc

Hacker Score

Bug Bounties

Crowdsourced Penetration Testers

ZrocCyberSec™
Login
Education

Talent Accelerator

SOC Analyst

Pen Testing Active Directory

Free Course: Intro to Security Research

For Companies

Hire from Zumaroc

Hacker Score

Bug Bounties

Crowdsourced Penetration Testers

ZrocCyberSec™
Login

ZrocCyberSec™

An extensible vulnerability disclosure framework
designed to accommodate changes.

LEARN MORE

What are you looking for?

Find answers to the most common questions below.

Why ZrocCyberSec™

ZrocCyberSec™ is a crowdsourced security platform for security researchers and enterprises. Nothing is immune in the digital world. Security research is the closest we have to immunity, so it makes sense that individuals get rewarded. Experts agree that the "democratization" of bug bounty programs, will reduce ransomware.

Enterprises can be on the leading edge of security and start a:

Crowdsourced Pen Test program

Nex Gen Phishing simulation

Vulnerability Disclosure program

What is the Vulnerability Disclosure Policy ?

1. We take the security of our systems seriously
We value organizations working together with the security researcher community.

2. Guidelines - We require that all researchers:

  • Perform research only within the scope set out below.
  • Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction of data during security testing.
  • Keep information about any vulnerabilities discovered confidential until we have had [90] days to resolve the issue with the corresponding organization.
  • If you follow these guidelines when reporting an issue to ZrocCyberSec™, we commit to:
  • Not take or support any legal action related to your research.
  • Work with you to understand and resolve the issue quickly (including an initial confirmation of your report within 72 hours of submission).

3. Scope - the following test types are allowed

  • [Target URI]
  • [Product Information]

4. Out of scope - the following test types are not allowed

  • DoS.
  • Social engineering and Phishing against users, company staff, etc.
  • Vulnerabilities that can easily be found with automated scanners .
  • Any service hosted by 3rd party providers are excluded from scope (eg. CRM software, etc)

How security researchers get paid ?

Researchers are only paid for verified, original findings.

Researchers do not get paid for their time or for findings that another researcher already reported. So, only unique, valid vulnerabilities you report to us are eligible for payments.

Payment process ?

Bounty payments typically happen either after the vulnerability is confirmed, or after it is fixed by the corresponding organization.

When it is determined that the researcher has reported a valid vulnerability, they can be paid the appropriate amount - as adverstised - for the criticality of the vulnerability through ZrocCyberSec™ platform.

Notice:
[1] After bug confirmation the researcher provides bank account details for payments, less platform fees.
[2] Platform fee is dependent on the vulnerability payout amount.
[3] Terms and conditions apply - read the docs!