Description

Want to try a new technique or methodology on private bug bounty programs? Submit your research, get invited to private programs, and start collecting bounties.

Bounties

This is a responsible disclosure program without bounties.

Rules of engagement

Our promise to you

  • We will respond to your report in ultimately two weeks, probably faster!
  • We are happy to respond to any questions, please use the button in the right top corner for this.
  • We respect the safe harbour clause that you can find below
  • We shall not modify, share, copy or re-distribute the undisclosed contents of your submission without your permission.
Domains

Research

Tier 1
Other
In scope

We are interested to hear about any common configuration flaw or technique that may affect multiple customers.
Qualifying research will earn you access to private programs that could potentially be affected, allowing you to collect 100% of the subsequent bounty earnings.

Research criteria

Submitted research will be qualified based on the following criteria:

  • Novelty: the research describes a new or publicly undocumented attack vector
  • Prevalence: multiple organisations and common configurations are affected
  • Impact: the research described a real-life, non-theorethical risk that would otherwise also qualify for bug bounties
  • Accountability: affected companies should be accountable for the introduction of the flaw and for solving it. 0-days will not be considered and should be reported to the responsible vendor.

Every report should include a working self-hosted proof-of-concept or demo.

Out of scope
  • Zero-day vulnerabilities in third party software. Please report these to the affected vendor.
  • Known exploits, payloads or bypasses
  • Web application firewall bypasses
Severity assessment

This program follows Intigriti's contextual CVSS standard.

FAQ

What will happen to my research once submitted?

Every submission will be evaluated by Intigriti's vulnerability assessment team. We will let you know whether your research qualifies within 14 working days. Regardless of our decision, the research remains your intellectual property. Intigriti shall not modify, share, copy or re-distribute the undisclosed contents of your submission without your permission.

What happens if my research gets accepted?

Once your research gets accepted, your personal hacker manager will invite you to private programs we believe may be affected by this vulnerability. You will receive priority status in the invitation queue regardless of your platform statistics or prior track records for the duration of 90 days after your report was accepted.

What happens if your research gets declined?

If your research gets declined for any reason mentioned in the in scope-section, we will not be able to fast-track you in our invitation queue. The reason why your research was declined will be communicated in the report.

What information do I need to provide?

Make sure your report includes the following information:

  • A description of the vulnerable context. E.g: a logical flaw that exists if the application processes input from X and Y, a specific configuration that needs to be present, ...
  • An impact assessment of the best- and the worst-case scenario
  • A working proof-of-concept on a self-hosted environment (where possible)

Are there examples of research that would qualify?

Examples of qualifying research include:

All aboard!
Please log in or sign up on the platform

For obvious reasons we can only allow submissions or applications for our program with a valid Intigriti account.

It will only take 2 minutes to create a new one or even less to log in with an existing account, so don't hesitate and let's get started. We would be thrilled to have you as part of our community.

Program specifics
no reputation No collaboration
no reputation Not managed by Intigriti
Researchers
last contributors
logo
logo
logo
logo
logo
logo
leaderboard
logo
logo
logo
logo
logo
logo
Last 90 day response times
avg. time first response
< 16 hours
avg. time to decide
< 1 week
Activity
2/19
intigriti
accepted a submission
2/19
logo
created a submission
2/9
intigriti
closed a submission
2/8
logo
created a submission
1/4
intigriti
changed the faq
12/20
intigriti
accepted a submission
12/18
intigriti
accepted a submission
12/14
logo
created a submission
11/28
logo
created a submission
10/11
intigriti
accepted a submission