By Intigriti
October 1, 2020
Intigriti’s Ethical Hacker Insights Report 2021 revealed that 42% of our community say it’s important that the security team of the bug bounty program they target is responsive. This is especially true for those looking to build a strong, continuous relationship with a company. On that note, more than a fifth (22%) say they like working with companies they’re familiar with. Taking these insights into consideration, it’s hardly surprising that Red Bull is a popular bug bounty program amongst researchers on our platform.
In this article, we explore how Red Bull’s relationship with the ethical hacker community has gone from strength to strength. Plus, we shine a light on their unique reward system!
Even though it has a vulnerability disclosure policy, Red Bull knows this won’t deter cybercriminals from attacking its systems. The drinks brand has a large, heterogeneously structured and fast-changing environment. Taking care of the security testing for all of its public-facing assets is an almost impossible task without additional support.
To tackle this problem, Red Bull chose to employ the help of ethical hackers so they could mimic the techniques of cybercriminals and outmanoeuvre them. Ethical hackers are highly skilled security specialists. By working with them, the drinks brand knew it would be able to continuously test its defences, better understand its weaknesses, and improve its security posture.
Keen to build a professional, yet personal, collaboration with its security researchers, Red Bull initially chose to manage and host a program themselves. However, as the program began to scale, they decided to look for a third-party platform to host their program for them. Doing so would provide them with the infrastructure and support they needed to successfully process and manage vulnerabilities.
Red Bull chose Intigriti because of its strong focus on mutual communication. Intigriti’s triage team also has a uniquely personal relationship with its researchers – they go beyond simply focusing on formal processes and empower their hackers to be successful. Intigriti researcher, @Pudsec, reinforces why this is important:
“Intigriti triages very fast, and with such positive and encouraging comments. That really lifted me — especially when I was still quite new to the bug bounty world.”
@Pudsec, Intigriti security researcher
Moreover, by partnering with Intigriti, Red Bull could create the relationship it desired with an ethical hacker community.
Red Bull incentivises researchers in a unique way. Depending on the severity of the vulnerability, researchers can earn free cans of its energy drink and branded merchandise. An exceptional vulnerability is even rewarded with a special surprise!
Speaking of the partnership, Stefan Winkler, IT Security Manager at Red Bull said:
“We see the work with Intigriti’s hackers as a partnership where everyone provides what he is good at on a non-monetary base. We provide a huge playground of systems and technologies and – what else – Red Bull to survive late night hacking sessions. On the other side we receive vulnerabilities which have been obtained by friendly hackers. A win-win.”
Stefan Winkler, IT Security Manager at Red Bull
Red Bull hopes to improve and streamline communication with the hackers who decide to do a deep dive into the public-facing Red Bull environment.