Intigriti

Moving from another bug bounty platform to Intigriti

By Anna Hammond

June 1, 2022

Moving from another bug bounty platform to Intigriti

Wondering how easy it would be to move to Intigriti? Below we provide answers to frequently asked questions about moving to the Intigriti platform from another provider.

Businesses that are considering moving bug bounty platforms to Intigriti often get in touch with questions. These range from big picture stuff like “How can I be sure Intigriti is the right choice?” down to the granular like “What does Intigriti do with the bug reports?”

In this article, we list the most common questions we hear and provide answers. For clarity, we’ve put them in two categories:

  1. Why would I move bug bounty programs to Intigriti?

  2. What’s the process for moving bug bounty programs to Intigriti?

And, of course, if you have any questions that aren’t answered below, we’d love to hear from you in person.

Why move bug bounty programs to Intigriti

What are the advantages of moving to Intigriti?

Intigriti is trusted by companies and organizations around the globe to provide effective crowdsourced security testing. Beyond the expertise and quality of our 50,000+ ethical hacker community, there are several compelling advantages to choosing Intigriti as your bug bounty platform:

  • Triage: Intigriti staff triage every report submitted by our community of hackers before sending them on to the client for approval. This is a big timesaver as we test the validity of every submission and make sure there are no duplicates. 

  • Platform: At the heart of what we do is our SaaS platform. It’s fast, easy-to-use, secure, and kind of looks great. If you’d like to see it in action, you can schedule an Intigriti platform demo today!

  • Support: The people behind Intigriti’s service are just as important as the technology. When you choose Intigriti, you’ll have a dedicated team working for you that includes a success manager, expert support, and our triage pros.

  • Fresh Start: A transition is also a great opportunity to revise your program’s scope, bounties and guidelines. During our program architecture session, we’ll perform a full analysis of your current program and identify possible points of improvement.

Is the crowd big enough? Will we have sufficient submissions?

Intigriti’s community of crowdsourced security experts is currently 50,000+ strong. These ethical hackers are trusted by companies across the globe to unearth and report vulnerabilities. You can see many of the names and avatars of these trusted security heroes on our Leaderboard.

Who are Intigriti’s hackers?

Our security experts are a young, skilled and increasingly diverse global collective. Every year we reach out to find out more about who they are and what motivates them. You can read the results in our Ethical Hacker Insights report.

What do Intigriti do with open reports?

Security reports are an integral part of the service we provide. Once we’ve received and triaged the reports for validity, vulnerability duplicates, etc., we securely transfer them to the client for approval. They are never made public or shared with third parties.

Is Intigriti Secure?

As a company that provides security services, you can probably guess that we take our own security—and our clients’—very seriously. Here’s our position on common areas of concern:

  • Data Security: Intigriti is fully compliant with GDPR. Our platform also offers unique data-protecting functionalities, such as the ability to permanently destroy submissions, military-grade encryption, and more. 

  • Sanction: We perform initial and continuous sanctions/OFAC (Office of Foreign Assets Control) list checks for the US and other countries, and more.

  • Researcher Terms & Conditions: Every researcher on Intigriti is legally bound to adhere to our strict ‘Researcher Terms & Conditions’ framework. 

  • Researcher ID checks: Organizations can choose to only work together with ‘vetted’ or identity-checked security researchers.

  • ISO27001 certified: Intigriti has met a rigorous international standard in ensuring the security and integrity of the company as a whole. This certification demonstrates we perform to the highest standards of information security and data protection.

Check out our What makes Intigriti’s platform unique? document for detailed information on how secure Intigriti is.

How can we bring “our” current crowd with us when we move?

If you’ve spent time building a trusted and effective community of hackers in another bug bounty program, you’ll almost certainly want to continue working with them. Here are some tips for doing precisely that:

1. Tell your community

Post a message on your current program where people can submit vulnerabilities and let them know you are moving to Intigriti. Ensure you remove any scope references or links since the program page tends to stay online for a while after deactivation. (This is important since you will be unable to change anything to the deactivated program afterwards.)

2. Or, let us tell your community!

Intigriti can contact your current researchers on your behalf based on their username, if they are a current researcher on our platform. Most researchers work on more than one platform so there’s a good chance this is the case. Any additional information (such as email addresses and full names) is helpful, but might require additional approval due to privacy restrictions.

3. Provide us with a list

If you have a private program, it might also be beneficial to create a list of people invited, including those that did not create any submissions yet.

Will moving to Intigriti be difficult?

We love welcoming new customers, and we strive to make your move to our platform as frictionless as possible. An Intigriti Customer Success Manager will assist you on your journey and we are happy to provide a platform training session to get you up and running. Additional information on how easy it is to move to Intigriti can be found below.

The process for moving bug bounty programs to Intigriti

What is the bug bounty process at Intigriti? How does it all work?

When you create a bug bounty program on Intigriti, we engage ethical hackers to test your organization’s cybersecurity defenses. They search for vulnerabilities that bad actors could exploit, then report them to you via our secure platform. It’s a highly effective way of improving your IT security posture and protecting your organization.

To get an overview of what Intigriti offers, a great place to start is our bite-sized (1:17) video on how Intigriti provides agile security testing powered by the crowd. And if you want a deep dive, check out our four-part series on the bug bounty process and how to optimize it for success.

Will I be guided? How do I learn all this?

When you move your bug bounty programs to Intigriti, a platform training session can be organized in which we’ll iterate over the platform’s features, functions, and processes.

There are also plenty of other learning resources, depending on how deep you want to go:

  • Our knowledge base provides in-depth articles on all things Intigriti related

  • Our blog has tons of high-quality content related to bug bounty programs

  • And if you are ever at a loose end, we provide great human support.

Will there be help with an audit of our current setup before we migrate?

During the program architecture session we offer, we perform a full analysis of your current program and identify possible points of improvement. It’s that simple!

We’ve been trusted worldwide since 2016

Intigriti has been helping prevent cybercrime for businesses and organizations across the globe since 2016. Our community of ethical hackers provides continuous, realistic security testing that commonly identifies crucial vulnerabilities within 48 hours. The Intigriti platform goes beyond traditional pentesting or bug bounty programs, providing triage, guidance, training and support. 

To start your journey with us, it’s as simple as getting in touch today!

You may also like