If you’re watching the Olympic Games, you’ll know that the leaderboard shows the top-performing countries based on the successes of their athletes. In the case of Intigriti’s Leaderboard, the athletes are an elite team of ethical hackers, and their arena is an ever-expanding attack surface that evolves at Darwinian-like speed.
The competition? Hidden vulnerabilities embedded deep into bug bounty programs. The prize? Well, bug bounties, of course. But at Intigriti, we like to keep things interesting by adding some friendly competition into the mix: the Intigriti Leaderboard.
In this article, we’re going to give more context on what the Intigriti Leaderboard is. Plus, we’ll dive into how it benefits our bug bounty programs as well as our researcher community.
What is the Intigriti Leaderboard?
The Intigriti leaderboard features the platform’s top researchers and their achievements. When one of Intigriti’s ethical hackers displays outstanding work or earns a place at the top of our leaderboard, we give them an illustrated portrait. They receive it digitally, and we also send them a poster of the portrait (so they can proudly show it off!).
To obtain a higher rank in the leaderboard, security researchers need to score as many reputation points as possible while also maintaining a strong streak and a high validity ratio. Below, we break down what these metrics involve.
Apart from monetary rewards, Intigriti rewards security researchers with reputation points as they hunt for bugs. The number of reputation points awarded depends upon the severity of the report: the higher the severity, the more reputation points the researcher can earn.
Another indicator that Intigriti uses to measure a researcher’s quality is their validity ratio. This refers to the percentage of valid submissions from the researcher in relation to the total number of submissions they have made.
The streak metric explores the top severity of all submissions the researcher submitted in the last 90 days, given that these submissions were:
- Accepted by the company
- Rejected as a duplicate
Intigriti’s leaderboard accounts for all activity across the platform. However, many more leaderboards exist, including 90-day leaderboards and company program leaderboards.
How does the Intigriti leaderboard benefit companies on the platform?
Primarily, the leaderboard increases activity on the platform. In turn, this drives contribution to the many bug bounty programs that are available on Intigriti. Below, we explain three ways in which it does this.
1. Researchers are given recognition for good work
As Eric de Smedt, Manager Cyber Security at Telenet Group, explains: “Intigriti offers a platform for ethical hackers to get recognition.” Based on the findings of our Ethical Hacker Insights Report 2021, we know that this is an important motivation for security researchers. The report found that recognition is a key driver for 21% of Intigriti’s community.
We strive to give recognition to ethical hackers who have shown years of commitment to the field. However, we highlight the work of rising talent too. For example, the all-time reputation points filter shows the score since the leaderboard’s conception. This metric gives an indication of the researcher’s seniority. The 90-day filter displays the number of reputation points gathered by the researcher in the last 90 days.
This metric gives an indication of recent activity on the platform. It also allows us to give up-and-coming talent a chance to be noticed.
2. Engagement opportunities increase through friendly competition
As indicated, the more ways we provide researchers to obtain recognition through the platform, the more motivated they feel. The leaderboards are a perfect example of this, with many researchers vocalising their ambition to beat their current score.
To better their place in the leaderboard, the only option researchers have is to continue to engage with the platform, participate in bug bounty programs and produce high-quality vulnerability reports.
“I like seeing how our researchers are constantly trying to improve, as well as trying to outperform their hacking friends! This healthy competition pushes the community and creates additional value for our customers.”
Pascal Schulz, Hacker Enablement Manager at Intigriti
Within Intigriti’s 90-day leaderboard (August 2021), all the top 10 researchers have an exceptional or critical streak.
3. Researchers are continuously motivated
The reputation points that place researchers into the leaderboard also work as a source for businesses and Intigriti to discover hacking talent for invite-only (private) bug bounty programs. The higher the score, the better-placed researchers are to be selected — and as the Intigriti Ethical Hacker Insights Report 2021 revealed, an invite-only bug bounty program is a strong attraction point for researchers.
Within our community, 30% pick a bug bounty program to participate in because of this factor. But participation in private programs isn’t the final step for researchers: they can also earn a place at Intigriti’s live hacking events (which are free for the hackers to attend).
To catch the eye of event organisers, researchers need to stand out on the platform. Historically, it is the top-performing hackers (within the 90-day leaderboard) that are extended an exclusive invite to the events, held by Intigriti’s award-winning Head of Hackers, Inti De Ceukelaire.
One hacker gave their highlights of attending Intigriti’s 1337UP 1119 live hacking event:
“This was a dreamy experience for me. I went back home with cool swag, nice memories, and motivated to dedicate more time to bug hunting. The hackers I met raised the bar so high with impressive and very creative bugs. So, thank you for being such an inspiration!”
High-ranking ethical hackers on the leaderboard who have shown a long-standing commitment to bug bounty hunting are also invited to give feedback about the Intigriti platform to our developers. This is a chance for the researchers to influence how Intigriti shapes and develops its community and product as it grows.
Continuous security testing requires a continuously engaged community of researchers
At Intigriti, our community of ethical hackers is growing fast, but being the biggest isn’t our primary objective. Our intention is to build a network of highly engaged researchers who have a genuine passion for surfacing hard-to-find vulnerabilities for businesses. By creating a crowd of dedicated and enthusiastic security researchers, we can help businesses gain greater visibility over their attack surface all year round.
Intrigued by what you’ve read and want to know more about ethical hacking and bug bounty programs? Get in touch to speak to a member of our team.
We look forward to talking to you!