Zerodium is an American information security company founded in 2015 based in Washington, D.C.. Its main business is acquiring premium zero-day vulnerabilities with functional exploits from security researchers and companies, and reporting the research, along with protective measures and security recommendations, to its corporate and government clients. The founder, Chaouki Bekrar, is also known for founding VUPEN (defunct).
In 2015, Zerodium was the first company to release a full pricing chart for 0days ranging from $5,000 to $1,500,000 per exploit. The company is reportedly spending between $400,000 to $600,000 per month for vulnerability acquisitions.
- Fisher, Dennis (July 24, 2015). "VUPEN Founder Launches New Zero-Day Acquisition Firm Zerodium". ThreatPost.com. Retrieved November 3, 2015.
- Andy Greenbrg (18 November 2015). "Here's a Spy Firm's Price List for Secret Hacker Techniques". Wired. Retrieved 26 August 2016.
- Sean Michael Kerner (21 September 2015). "Zerodium Offering a $1 Million iOS 9 Bug Bounty". eWeek.