Zerodium is a reputable place where you can sell zero-day exploits.
Hackers and security researchers know that Zerodium is a way to cash in on vulnerabilities that they discover in operation systems, software and hardware, and devices.
There are several ways that you can make money from discovering vulnerabilities.
- You can disclose the vulnerability to the software or hardware vendor. Many companies offer a “Bug Bounty” program where they pay for such discoveries. It is the “White Hat” thing to do.
- You can sell the exploit on the black market. If you do this, your exploit will undoubtedly be used for nefarious purposes, and you are likely to be criminally liable for any bad things that happen. But such “black hat” buyers are likely to pay the highest dollar for exploits.
- You can sell the vulnerability to Zerodium or a similar organization. These companies are “grey hat.”
Zerodium has a strong track record of protecting their sources. The company pays an attractive bounty and is only interested in high-risk vulnerabilities and fully functional and reliable exploits.
For example, if you find a way to penetrate a newer iPhone, you can certainly sell the hack to Zerodium for a nifty 7 figure sum.
What does Zerodium do with vulnerabilities that it purchases?
Zerodium is very selective on who they resell the vulnerabilities too. Their customers are governments and large defense companies who have the ability and willingness to pay very high sums for such information.
Zerodium has an internal team of researchers who analyze, test, secures, and documents the vulnerability before providing it to the end-user/customer.
Zero-day exploits usually have a short shelf life. Eventually, the vulnerabilities are found and patched. But the persons who initially identify the feat can undoubtedly cash in at Zerodium or similar sites.