By Yannick Merckx
March 28, 2022
Researcher collaboration is essential to the success of a bug bounty program. Quality, creativity and impact are often achieved by working together and exchanging technical know-how. Live events and live communication tools, like our Discord community, showed us the increased popularity and impact of researcher collaboration.
Finding high-impact and complex vulnerabilities requires a broad range of skill sets and specialties. A team is more likely to master this versatility and is, therefore, more likely to discover complex and high-impact vulnerabilities. This is a win for you, your collaborators and the customer.
However, we felt the platform was too limited in facilitating researcher collaboration. This release takes all those limitations away. We’re delighted to announce that the Intigriti platform now fully supports researcher collaboration. In November 2020, we introduced split payouts, but now you can also collaboratively manage and interact with submissions.
Researcher collaboration in a nutshell
* Grant your collaborators access to your submissions
* Communicate as a 1337-team
* Share reputation points
* Share activity & visibility
* Add your fellow collaborators retroactively
* Invite up to 9 collaborators
* Split payouts via the platform
* Add your weights to the split
N.B.: You can only add researchers as collaborators if they already have access to the bug bounty program.
Competition makes you faster; Collaboration makes you better!
Every program can choose to allow researcher collaboration. If a program doesn’t allow researcher collaboration, this is indicated on the program details page.
A quick tip: The program overview allows you to filter on all the programs that support researcher collaboration.
Once you’ve selected your program, you can start to research the program assets. Once you’ve found a vulnerability, it is time to write the report. It is not possible to add collaborators to your draft report. You can only add collaborators from the moment you’ve submitted your report.
Collaborators may be added while your submission has the state “Triage” or “Pending”. Rejected or accepted reports do not allow you to add new contributors.
You can add collaborators in 2 steps:
Username: insert the exact username of the collaborator you would like to add. No, it is not possible to add the same collaborator twice. We tested it! 😉 Also, make sure your new collaborator has access to the program. Otherwise, it is impossible to add your friend.
Weights: Time to split your rewards. You can choose to use natural or fractional numbers. To add a collaborator, you must share at least 1% of your bounty. So be fair! 😉
Your new collaborator will receive an email with a confirmation and will be able to view and interact with the report.
A quick tip: You can retroactively add researchers. As long as the submission is not accepted, you can add collaborators.
Ready? Set! GO! From here, you’re able to provide companies with additional insights as a team, all on the same report. Visibility, experience points and bounty split will all be managed by the Intigriti platform.
All collaborators are able to participate in the conversation
Your team effort will be shown on your activity feed
Need 1337-collaborators? Join our Discord community and find your future collaborators in the #collaborate channel.
We increased the length of the internal reference field to allow more flexibility for companies. The internal reference field now accepts up to 100 characters (up from 50)!
We improved the readability of the domain section. It’s much clearer now which domain description belongs to which domain application.
We added a few new resources! The logistics and transport industry had to expand rapidly in the past years and so did their online footprint. As an organization, this is challenging, because how do you keep all these constantly changing assets secure? In our newest guide, we tell you all about it! It’s a guide on how to navigate vulnerability disclosure for the transport and logistics industry.
Lastly, have you already seen our new hacker portraits for the best-performing hackers of Q4 2021? Every quarter, we reward the top 3 researchers on our quarterly leaderboard with a personalized portrait by the renowned Belgian artist Zwoltopia.
Today, we are having the biggest smiles on our faces again because it's time to share the new hacker portraits with you 😇
Congrats to
* @3th1c_yuk1
* @alph4byt3
* @putsi
Look at all those beautiful hackers! 🙌
Land in the Top-3 of our Q1 2022 leaderboard and get yours! 🐞 pic.twitter.com/D1j09Sl6WG — Intigriti (@intigriti) January 21, 2022
Part of the development team, normally located in Antwerp, was testing from 2891.24 km away – very, very remote working!
Does the idea of working in a promising, flexible and fulfilling environment inspire you? Discover careers at Intigriti by visiting our careers page or following us on LinkedIn. We look forward to your application!