Bug Bounty Calculator – Crunch the numbers and optimize your VDP


New tool from Intigriti helps ensure your security program receives the attention it deserves

Intigriti has launched Bug Bounty Calculator, a free-to-use tool to help bug bounty program owners make an informed decision when setting their payout rates.

The bug bounty marketplace is growing at a rapid pace. This is great news for the ethical hacking community, but the influx of new programs may increase the chance of your organization being overlooked in favor of a more attractive target.

Newcomers to the bug bounty market may have difficulty deciding what payment rates to set, while others may spend hours crafting the perfect program only to feel disappointed with the number of reports being submitted.

The Bug Bounty Calculator solves all of these issues and more.

Bug Bounty Calculator from Intigriti allows you to compare your bounty rates to the industry average

Dynamic tool

Bug Bounty Calculator allows organizations to optimize their vulnerability disclosure program (VDP) and ensure it receives the attention it deserves.

Instantly find out whether your bounties are above or below industry average, and what level of hackers your bounty levels are estimated to attract.

The Calculator includes anonymized data from more than 400 public bug bounty programs across 18 industries, making it easy to find targeted information that’s benchmarked against your competitors.

Developed by hackers at Intigriti, the tool is regularly updated to account for market fluctuations and other industry issues.

Bug Bounty Calculator includes public bug bounty data from nearly 20 industries 

How it works

The Bug Bounty Calculator can be used as a quick reference tool to see how your program compares to the average for your industry. Alternatively, take a deep dive and fully optimize your VDP by tweaking the variables to suit your needs.

Either way, the steps are the same:

  1. Choose your industry
  2. Describe your assets
  3. View the results

After defining your industry, your search can be refined by risk level, maturity level, and incentive curve.

Fire up the Bug Bounty Calculator and see how your program fares

Actionable data

Intigriti’s Bug Bounty Calculator offers real-time, actionable insight into the global bug bounty marketplace.

For example, did you know:

  • The banking and blockchain industries currently have the best average bug bounty payout rates across all sectors

  • The average payout for critical vulnerabilities in public sector bug bounty programs is around $2,600

  • ‘High risk’ healthcare programs should expect to pay nearly twice the industry average for critical vulnerabilities, at around $4,000 for each valid report

Those with established bug bounty programs know that setting the optimal payout rates is crucial to their ongoing success. As with any other marketplace, these rates fluctuate, so this price point needs revisiting on a regular basis.

Community tool

Inti de Ceukelaire, Head of Hackers at Intigriti and creator of Bug Bounty Calculator, says the tool allows organizations to solve the important issue of setting their bounties correctly.

“Anyone can set up a bug bounty program, but if you aren’t sure what you’re doing, you may pay too much for vulnerabilities,” he said. “Even worse, set your bounties too low and you may not attract any researchers at all.”

The Bug Bounty Calculator has other applications besides helping program owners – hackers themselves can make use of the tool to find out how a program fares against the industry average.

“Our experience as Europe’s leading crowdsourced security platform shows us that researchers are highly tuned to payments,” Inti said. “It’s important to find the sweet spot to ensure your program remains an attractive proposition.”

He added: “If you pay under market value, you will not attract the top hackers.”

Find out more

Bug Bounty Calculator is just one of the many unique offerings from Intigriti. Learn more about how we are levelling up vulnerability disclosure and data breach prevention: 

Meet the triage team 

Our dedicated team of security experts ensure that every report is validated before hitting your inbox. 

Transparency and compliance 

Intigriti’s Trust Center displays our security posture in real time and provides all security resources and compliance documentation for your business. 

Ethical Hacker Report 2022 

Get an in-depth look at the latest updates in the world of ethical hacking and how more companies are embracing crowdsourced security.