What do Red Bull and Intigriti have in common? They both have the drive to make the world a better place from a security perspective and always aim to improve. Therefore we are proud to announce that as of today ethical hackers of the Intigriti community, or “Friendly Hackers” as Red Bull calls them, are able to hunt on vulnerabilities at the Intigriti platform. And what’s a better reward than endless trays of Red Bull to stay awake all night while hunting?
Why Red Bull decided to start a vulnerability disclosure program
A few years ago Red Bull realised that writing policies does not hinder anyone in attacking the company. As they have a large, heterogenous structured and fast changing environment, taking care about security of all their public facing assets is nearly impossible. That’s why Red Bull decided that it’s better to invite “Friendly Hackers” (this is how they call security researchers) to hack them and share afterwards how they were able to do this. The alternative is being hacked anyway without knowing.
Keeping personal contact with the Friendly Hackers is very important for Red Bull and for that reason they initially managed everything themselves. But as things scale overtime they now decided to team up with Intigriti to support in managing vulnerabilities.
Maintain personal contact with the community
Red Bull likes to work with niche companies where they can build up a good personal relationship. They choose for Intigriti because of their strong focus on mutual communication and building a strong personal relationship, rather than only focusing on formal processes.
Moreover, the Intigriti platform provides Red Bull possibilities to still keep this personal contact with the community, which is so important for them.
This is how the unique rewarding approach works
Stefan Winkler, IT Security Manager at Red Bull: “We see the work with Friendly Hackers as a partnership where everyone provides what he is good at on a non-monetary base. We provide a huge playground of systems and technologies and – what else – Red Bull to survive late night hacking sessions. On the other side we receive vulnerabilities which have been obtained by friendly hackers. A win-win.”
Let’s make it concrete:
- A medium vulnerability will be rewarded with 1 tray of Red Bull (24 cans)
- A high vulnerability will be rewarded with 3 trays of Red Bull
- A critical vulnerability will be rewarded with 6 trays of Red Bull (144 cans)
- An exceptional vulnerability will be rewarded with a special surprise
Red Bull hopes to improve and streamline communication to the hackers who decide to do the deep dive into the public facing Red Bull environment.