I think they are not interested at all in phpBB. They are interested in applications widely used in organisations. They also reject a lot, but when you get one that interests them, yes, they put far more cash on it than iDefense, believe me. That's why ZDI actually got a large part of my discoveries, and I hope to continue with them as long as I can.
Note that you will have to submit a paper describing the vulnerability as well as possible, a working proof of concept, and anything useful such as a movie, snapshots, etc.
And once both parties are OK to work, payment is ultra fast: the same week or the next one.
Here is more info:
Submission Criteria: We are looking for the following criteria when determining to purchase submitted advisories:
- The vulnerability must be remotely exploitable. Aside from server-side vulnerabilities we will also accept code execution vulnerabilities in e-mail and web clients and file format parsing vulnerabilities in commonly exchanged and trusted files.
- The vulnerability should exist in the latest available version of the affected product. This is a general rule to which exceptions can be made for very popular software that tends to have a lag time associated with enterprise wide updating.
- The vulnerability must exist in products with widespread deployment. We are only interested in purchasing vulnerability information that we would typically create protection filters against. This currently includes vulnerabilities in the major hardware and software products typically found in many environments.
If you have any questions or comments regarding our interest level in a particular advisory feel free to contact us directly or submit via the portal for review. The following is a list of vendors that we are interested in. Please note that this is not a complete list, you may submit advisories for vendors not on this list and they will be considered:
* 3Com / TippingPoint
* AT&T
* Adobe
* America Online
* Apache
* Apple Computer
* Avaya
* Cerulean Studios
* Check Point / SourceFire / Snort
* Cisco / Linksys
* Citrix
* Computer Associates
* Concurrent Versions System
* D-Link
* Enterasys
* F-Secure
* Hewlett-Packard
* IBM
* Internet Security Systems
* Ipswitch
* Juniper
* Lotus
* Lucent
* Macromedia
* McAfee
* Microsoft
* Mozilla
* MySQL
* NetIQ
* Netopia
* Netscape
* Network Associates
* Nortel
* Novell
* OpenSSH
* Oracle / PeopleSoft
* PGP
* PostgreSQL
* Qmail
* QUALCOMM
* RSA Security
* RealNetworks
* Research In Motion
* SAP
* SSH Communications Security
* Samba
* Sendmail
* Skype
* Sophos
* Squid
* Subversion
* Sun Microsystems
* Sybase
* Symantec / VERITAS
* Trend Micro
* WatchGuard