The Exploit Acquisition Program enables Netragard to collect exclusive intelligence about 0-day vulnerabilities, to identify new methods of exploitation, and to find new and otherwise rare talent. The product of the program is used to augment Netragard’s advanced service offerings and to satisfy specific and unique client requirements. Netragard urges software vendors to become registered members of the program as to help facilitate more secure computing environments for their customers.
We welcome ethical vulnerability researchers to our program. If you agree to our process then please register by clicking on the “I agree to the EAP process” link below.
Our process is as follows:
- You must register with real information.
- You must be the author of the 0-day exploit (“Item”) being sold or must have authority to sell said Item
- Netragard is a broker, we do not determine interest or value for the Item that you submit.
- You must submit an EAF first and then our buyers will determine if your EAF describes an Item of interest.
- If your EAF describes an Item of interest then we will reach out to you and begin negotiations. (Please feel free to reach out to email@example.com at any point to check up on a submitted Item.)
- If your Item is of interest then you must sign our Mutual Confidentiality Agreement as well as our Software Purchase Agreement in order to move forward. If you do not sign either of these then we cannot service you. The Software Purchase Agreement defines payment structure and additional requirements.
- If our buyers express interest in your Item then we will work to negotiate the highest buying price for you.
- If you agree to the buying price then we will notify our buyers.
- Our buyers will issue a Purchase Order.
- Once the purchase order is received we will notify you and you must submit your Item to us using PGP encrypted email. Your Item will go directly to a predefined email address.
- We will verify that your Item works as advertised by your EAF.
- If the Item does not work as advertised then we will ask you to fix the Item.
- If you cannot fix the Item then we will reject the Item and destroy all copies. (No, we don’t steal code that would put us out of business).
- If your Item passes the vetting process then we will acquire the Item and deliver it to the buyer.
- Exclusivity is determined at the time of sale.
- If the Item is acquired then you will be paid in three installments over a three month period as is defined by our Software Purchase Agreement.
Netragard welcomes new US based buyers and especially urges software vendors to participate in the program. Netragard maintains a policy of strict confidence and will not disclose buyer information to any third parties.
Buyers can submit registration inquires to: firstname.lastname@example.org
Ethics & Legalities
The Exploit Acquisition Program is operated legally and ethically. Any concerns or questions with regards to our program should be directed to email@example.com. Netragard supports the concept of a properly regulated exploit market and does not condone unethical or illegal activity.
Articles of Interest and Facts
Published 08/13/2012 Selling zero-days doesn’t increase your risk, here’s why.
Published 12/04/2012 Netragard on Exploit Brokering