By Anna Hammond
June 27, 2022
Building a strong ecosystem is key to optimizing the collective benefit for both Intigriti clients and researchers. Creating more value for one entity provides opportunities and brings stability to the other. At Intigriti, for example, we support the community to become better hackers and, in turn, enable them to deliver more high-quality reports to clients.
In this article, we’re going to run through a few examples of how Intigriti supports its community.
If you’re familiar with our blogs, you may already understand the benefits of a strong triaging process within a bug bounty program. However, for those who are new to bug bounty, here’s a quick explanation:
Triage is the security validation process executed by our in-house security analysts. Primarily, it ensures clients only receive valid, unique and in-scope vulnerability reports. The good news is, Intigriti bug bounty programs offer triage services by default, so clients and the community can count on their services to validate every vulnerability report submitted through the platform.
Did you know that 24 hours is the average time it takes for Intigriti to review, and accept or reject a vulnerability report? Additionally, we have an average Net Promoter Score of 9.2, reflecting our triage team’s swift, fair, and personal approach to triaging.
Intigriti was built by security researchers for security researchers. Consequently, we invest heavily in:
Free training materials, such as Intigriti’s knowledge base and Hackademy
Monthly challenges
Conferences
Live hacking events
Bug bounty content creators.
As a result, we’re proud to have an unrivaled network of educators and mentors.
Intigriti’s community team have some great ideas and I was amazed with the challenges! They really help hackers to think out of the box.
Ethic_yuki, Intigriti Security Researcher
Researchers can ask our support team a question any day of the week through an online chat. Additionally, questions typically receive a response within one hour, allowing researchers to continue their work and deliver vulnerability reports as quickly as possible. This unrivalled response time helps drive community engagement up, boosts activity, and makes for a better researcher experience.
I really enjoy the personal touch Intigriti’s researcher support has. I feel seen and cared for as a hacker.
Renniepak, Intigriti Security Researcher
Intigriti’s Fastlane Program rewards security researchers for exclusive access to academic research into new and unknown vulnerabilities before they publish it publicly. The program stimulates the discovery of unique and innovative approaches among the community. Additionally, it provides our customers with access to security risks before companies or competitor platforms learn about them.
The overall user experience and platform interface are often among the first points of praise we receive from researchers and existing customers when we ask for feedback. In recognition of this, we’ve received a 4.8/5 score on Gartner Reviews.
Our AI technology matches security researchers with programs to ensure optimal results for our customers and researchers. But how does it work? The AI learns about the security maturity of the organization’s assets as submissions come through and matches common weaknesses with researchers that have delivered similar contributions to other programs.
We facilitate the swift payment of bounties to researchers in the currency organizations choose, and researcher demographic details remain anonymous throughout the entire process. Importantly, researchers also earn according to the impact of the vulnerability they report.
The benefit of researchers working through a bug bounty platform is that the rules of engagement are clear. For example, Intigriti’s framework precisely details how they should operate and engage with companies on the platform. It also includes strict guidelines on confidentiality, data processing, non-disclosure of vulnerabilities, and more. Once accepted, an Intigriti ‘Community Code of Conduct’ becomes applicable.
According to Intigriti’s Ethical Hacker Insights Report 2022, 57% of ethical hackers will not work with a company outside of a bug bounty platform due to the lack of a legal framework.
Source: Ethical Hacker Insights Report 2022
Some organizations choose to only work with ‘vetted’ or identity-checked security researchers. Fortunately, Intigriti can facilitate this for both companies and researchers.
To become ‘vetted’, registered security researchers perform an identity verification process, using official documents and a physical biometric verification process. In the same way as an employee is onboarded to many office-based jobs, checks for fraud, stolen IDs and impersonation are also included in these security steps. This option creates more opportunities for security researchers as a result.
Want to know more about bug bounty programs? Then get in touch to request a demo with a member of our team today.