HITCON ZeroDay is a public benefit program established by HITCON. Our mission is to help information security experts and enterprises to communicate and benefit, so that security experts and enterprises stand in the same line, creating a good information security environment. HITCON ZeroDay launched in 2015. The reliable vulnerability notification platform helps enterprises to effectively deal with and fix the vulnerability, and enables notifiers to know the relevant progress in a timely manner, thus creating a communication channel of mutual trust and cooperation.

In recent years, we have organized the Bug Bounty Program through this platform. Enterprises can give appropriate rewards to the notifier according to the severity and usefulness of each notification. Enterprises can also actively recruit information security experts for testing. In addition to highlighting the importance that enterprises attach to information security and obtain first-hand vulnerability information, information security experts can feel that they are taken seriously, so as to make continuous returns for enterprises and avoid the leakage to the black market.

The task of the reporting platform

‧ Make sure the communication between the enterprise and the notifier is smooth

‧ Validate vulnerability

‧ Avoid malicious exploitation of vulnerabilities by notifiers

‧ Avoid corporate accountability without fixing loopholes

‧ Reward to notifier (credit, bonus)

‧ Give enterprises access to talent

‧ Matchmaking between enterprises and information security vendorsFeatures


‧ Inform the company of vulnerabilities

‧ Bug details support Markdown writing

‧ Update status of vulnerability immediately

‧ Communicate with business in private

‧ Open message boards for discussion

‧ The points ranking shows the degree of contributionEnterprise

‧ Exclusive enterprise account background

‧ Get the latest vulnerabilities immediately

‧ Update vulnerability status instantly

‧ Communicate private information to ZD team or notifier

‧ Reward the notifierOpen Data

‧ RSS Feed provides feeds for the latest vulnerability information

‧ The API interface gives the partner vendor cascading data