Skip to content
SSD Secure Disclosure Advisories
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.
SSD Advisory - 3435
SSD Advisory - 3700
SSD Advisory - 3723
SSD Advisory - 3724
SSD Advisory - 3727
SSD Advisory - 3731
SSD Advisory - 3736
SSD Advisory - 3737
SSD Advisory - 3743
SSD Advisory - 3747
SSD Advisory - 3751
SSD Advisory - 3758
SSD Advisory - 3759
SSD Advisory - 3765
SSD Advisory - 3766
SSD Advisory - 3769
SSD Advisory - 3778
SSD Advisory - 3781
SSD Advisory - 3783
SSD Advisory - 3786
SSD Advisory - 3796
SSD Advisory - 3802
SSD Advisory - 3814
SSD Advisory - 3904
SSD Advisory - 3928
SSD Advisory - 3944
SSD Advisory - 3957
SSD Advisory – 3915

SSD Secure Disclosure

SSD Secure Disclosure

SSD helps security researchers turn their skills in uncovering security vulnerabilities into a career. Designed by researchers, for researchers, SSD provides the fast response and support needed to get zero-day vulnerabilities responsibly reported to vendors and to get researchers the compensation they deserve. We help researchers get to the bottom of vulnerabilities affecting major operating systems, software or devices.

The SSD Community

As part of our vulnerability disclosure program we have established a community of researchers. We believe in long-term investment in this group and we provide the tools, education and knowledge they need to find more vulnerabilities and advanced attack vectors and discover innovative ways to exploit them.

We sponsor researcher’s workshops, courses, software licenses, hardware and conference attendance.

We are always looking for new researchers to join our community. That’s why we are promoting our “Friend Bring Friend” program. When you refer us a new researcher that starts working with us on Operating systems / Mobile / Web Browsers – you get 10,000$ USD / For other vulnerabilities – you get 1,000$ USD

As another way to support the international community we sponsor security conferences around the world – from Black Hat USA to community conferences such as DefCamp Romania. We publish vulnerability technical information in our blog (, on Twitter (@SecuriTeam_SSD) and in vendor advisories. We also give lectures and host hacking competitions at international security conferences.

In 2018 we sponsored and some of our researchers attended: OffensiveCon Hack In The Box Zer0con CanSec

Table of Contents



  • How much can I earn from working with you? The amount paid depends on two different variables:

    • How widespread is the software/hardware? Popular products typically reach higher amounts.
    • How critical is the vulnerability? For example, if you find an unauthenticated arbitrary code execution vulnerability, you would be paid substantially more than for a Cross Site Scripting vulnerability.
  • What if I want to stay anonymous?

    • Fine by us! A lot of our researchers choose to stay anonymous.
  • What is your policy regarding privacy and confidentiality of researcher’s information?

    • We take the privacy of researchers very seriously and do not disclose to any third party (including to customers) any personal information about researchers such as names, aliases, email addresses, bank details, or any other personal or confidential information.
  • What is the difference between SSD and Bug Bounties or other programs?

    • Financially:
      • We pay more than bug bounty programs.
      • If a vendor doesn’t have a bug bounty program – we are still interested in acquiring the vulnerability and reporting it to the vendor.
      • We believe researchers need to get paid for their effort and we are willing to offer higher rewards.
    • Administratively:
      • We will handle all the reporting process.
      • We will publish your research and attribute it per your instructions.
  • How do I submit my questions or research?


Reach us out at one of the following places:

You can’t perform that action at this time.