
How Grafana Labs scales security with Intigriti's bug bounty program, building a safer open-source ecosystem

The challenge

As a fast-growing open-source company, Grafana Labs, the creator of leading data visualization tools like Grafana, Loki, Mimir, and Tempo, faced the challenge of scaling its existing, self-managed bug bounty program. The team needed a platform with better features (full-text search, hacker reputation, payments, labeling) and, most importantly, access to a wider pool of skilled, engaged security researchers. Scalability and exposure were critical, but the team lacked the resources to triage a larger volume of reports efficiently. Grafana Labs was already used to working with communities and building OSS, and Intigriti's approach fit in nicely with its core values.

The biggest challenge was scalability and exposure; we wanted a larger scope and visibility to a larger group of researchers, but we lacked the resources to triage reports effectively and get public exposure.

Kristian Bremberg

Security Engineer & Bug Bounty Program Manager

The solution

Grafana Labs chose Intigriti to outsource their bug bounty program, gaining access to Intigriti's extensive researcher community and, crucially, their unrivalled triage service. This allowed Grafana Labs to confidently expand the scope of their program without being overwhelmed by reports.

Key features that addressed Grafana Labs' needs included: 

  • Access to a broad hacker pool: Connecting with Intigriti's global network of 125,000+ security researchers. 

  • Managed triage service: High-quality and timely assessment of submitted vulnerabilities, filtering out false positives and out-of-scope reports. 

  • Platform features: Utilizing a robust platform with features like full-text search and streamlined payment processing. 

After talking to customers and researchers, it stood clear that Intigriti has the best triage services... and since that's what's important to us, the decision was easy to go with Intigriti.

David Andersson

Manager of the Security Engineering Team

The result

The partnership with Intigriti has transformed Grafana Labs' security operations, enabling significant improvements in their security coverage and efficiency: 

  • Massively expanded scope: The team confidently increased their security testing scope without fear of being overwhelmed, thanks to Intigriti's reliable triage service. 

  • Increased quality findings: By tapping into Intigriti's diverse researcher community, Grafana Labs has gained access to a wide range of expertise and perspectives, leading to more comprehensive security coverage. 

  • Enhanced security culture: The continuous nature of the bug bounty program has fostered a security-aware engineering culture where teams recognize that their code is constantly being tested by external researchers. 

  • Community alignment: The program reinforces Grafana Labs' commitment to open-source values and community-driven development by democratizing their security improvement process. 

Grafana Labs

Grafana Labs is the company behind leading open-source software for visualizing operational data, including Grafana, Loki, Mimir, and Tempo. The company is committed to open source and community-driven development. 

Industry

Technology

Employees

1400+

Customers

Global users

25,000,000+


"A pentest is often a mile wide and an inch deep, while a bug bounty initiative is an inch wide and a mile deep—depth over breadth in uncovering hard-to-find vulnerabilities."

David Andersson,
Grafana Security Engineering Manager