Intigriti’s Bug Bounty Services

Secure your assets using our expert community of ethical hackers.

Intigriti’s bug bounty services allow you to secure your business using our huge community of cybersecurity professionals.

Add continuous security assessments to your infrastructure to ensure a proactive defense against emerging threats.
Overcome tight budgets and reduce high pressure on internal security teams through a bug bounty program.
Continually optimize your program and add further incentives to ensure maximum success.

What are the benefits of a bug bounty program?

A bug bounty program allows ethical hackers to test your company’s web applications, enterprise infrastructure, and other digital assets for security vulnerabilities – often for a financial reward. This modern approach to cybersecurity has numerous advantages. Key benefits include:

Secure your assets

Utilize the unrivalled skills of our global hacking community through a solution that’s tailored to your security needs

Track vulnerabilities

Our platform makes it easy to manage your program, while our expert in-house triage team accurately vets all incoming reports

Leverage our network

Access 70,000 independent cybersecurity researchers across the globe and benefit from their unique skillsets

How does a bug bounty work?

Set up your bug bounty in no time by following these simple steps:

Create your program

Define the scope of your program: select your crowd, set the rewards, and finalize the rules of engagement.

We help you match the skills required for the job through our close relationship with our community, and work with you to assign the parameters to best ensure the program’s success.

Launch your bug bounty

You call the shots on whether your bounty program is public or private. With invite-only, you custom-pick your security researchers. With public programs, our entire community is at your fingertips.

Regardless of whichever you go for, your bounty is made specific to you and only launched when you’re happy with every detail.

Boost your cybersecurity

Once your program is launched, you will start to receive valuable security vulnerability reports from our ethical hacking community, which allows you to secure your assets.

Our dedicated triage team ensures every report is verified before reaching you, assuring their quality.

Optimize your program

Your crowdsourced security journey has only just started! Our dedicated customer support team helps you optimize and modify your bug bounty program for long-term success.

With continuous security protection as an intrepid part of your security infrastructure, your threat level is significantly reduced.

OUR CLIENTS INCLUDE

Bug Bounty program confidentiality

Our bug bounty programs have four different confidentiality modes to choose from:

PRIVATE This is an invitation-only bug bounty program. We typically start with 15-20 carefully selected researchers and gradually increase this number. This allows your assets to be tested by more people with unique skill sets and increases the chance of finding different vulnerabilities.

PUBLIC Your bug bounty program is listed on our public website, indexed by Google, and searchable online. Cybersecurity researchers still have to register on the platform if they want to submit a report. In a public program, the option ‘ID-checked’ is not possible.

APPLICATION Researchers wanting to participate in your program have to apply and need to be approved by you, but all researchers who are registered on the platform can see that there is a program. Researchers still have to log in and apply to see the program details. If the ‘ID-checked’ option is not required for researchers, the program is also visible on the public Intigriti website.

REGISTERED All registered researchers on the platform can see the full program details and submit reports. It is possible to restrict access to ID-checked researchers only.

Ioana Piroska, Security Engineer & Bug Bounty Program Manager at Visma

Our security director has a simple rule of thumb. He says $1 spent in bug bounty is between $10 and $100 later - and I completely
agree with him.

Ioana Piroska,
Visma Security Engineer & Bug Bounty Program Manager

Request a demo!

Bug Bounty FAQ

A vulnerability disclosure program (VDP) is similar to a bug bounty, but without a cash incentive for cybersecurity researchers. With no financial rewards to pay, VDPs can be a cost-efficient way of using the power of our ethical hackers to discover and fix security vulnerabilities.

While they may not attract as much attention as a fully-fledged bug bounty, a VDP is a great way for an organization to take its first steps into crowdsourced security.

Yes! We always include triage by default. The Intigriti triage team will validate the submissions on your program, making sure you are only being notified for the valid and unique submissions. They will close out duplicate and out-of-scope submissions and ensure you're only working on valid vulnerabilities.

The goal should be to have the most competitive table as possible with your budget. See our Bug Bounty Calculator as well as our article on setting up a successful Bug Bounty program to help you setup a competitive table.

We have a bi-directional API and native JIRA integration available.

Onfido facilitates our ID verification process

Useful links

Learn more about Bug Bounty and discover the full breadth of Intigriti’s solutions:

Ethical Hacker Report 2022 →
Our annual survey of our hacking community, giving a key overview into the who, what and why of bug bounties.

Triage datasheet →
A run-through of Intigriti’s crucial in-house triage team, and how they ensure a high quality of reports across the platform.

What to consider when launching a bug bounty program →

Four key benefits of launching a successful bug bounty program →