
Program updates

Updated today

Program updates allow you to share important information with researchers who are active on your program. You can use updates to communicate changes, announcements, or reminders that help researchers stay aligned with your expectations and current setup.

โš™๏ธRoles: Company Admin, Program Admin, Program Editor

Publish a program update

You can create and publish program updates directly from your program.

  1. Open your program.

  2. Navigate to Updates in the program menu.

  3. Draft your update.

  4. Save it as a draft if you want to review or refine it later.

  5. Choose whether you want to notify researchers by email about your program update.

  6. Publish the update when you are ready to notify researchers.

Once published, program updates are visible to researchers who have access to the program details, depending on your program’s confidentiality level and additional program settings such as ID check required, 2FA required, or area restriction. Researchers can view the update directly from the program.

Program updates can be edited or deleted at any time. Researchers are not notified when an update is changed or removed, and they cannot access previous versions for reference.

Program update notifications

When publishing a program update, you can choose whether to notify researchers by email.

💡 Note: The email notification only includes the program update title and a link to the update. To read the full program update content, researchers must log in to the platform.

Researchers receive the program update email only if they have access to the program details and are participating in or following your program. More specifically, the following researchers receive an email notification when an update is published:

  • Invite-only programs: Researchers who accepted your program invitation.

  • Application programs: Researchers who accepted your program invitation or whose application you have accepted.

  • Registered and public programs: All researchers mentioned above, as well as researchers who have submitted at least one accepted submission or are following your program.

Researchers who do not have the Program launches and updates communication preference enabled will not receive any program update notifications.

Program update examples

The examples below can be used as inspiration:

🚀 Program launch
Welcome researchers to your new bug bounty or vulnerability disclosure program. This usually includes introductory information and guidance on how researchers can participate.

Example

Welcome to our program!

Dear researchers,

We’re excited to officially launch our bug bounty program on Intigriti.
You can now start testing the assets listed in scope and help us improve our security.

Please make sure to review the scope and program rules of engagement before getting started. We’re looking forward to seeing what you uncover.

Happy hunting,
The [Company name] security team

🔄 Program status update
Communicate changes to the operational state of your program, such as suspending, reopening, or closing your program.

Example

Program status update: [Pausing/Closing] our bug bounty program


Dear researchers,

As of [Date], our bug bounty program will be [paused/closed].

What this means:

  • You won't be able to create new submissions.

  • Existing submissions will still be reviewed and rewarded.

Thank you for your valuable contributions and continued support.

The [Company name] security team

✅ In scope update
Inform researchers that new assets have been added to scope and are eligible for testing.

Example

Scope update. New assets added!


Dear researchers,

Good news. We’ve expanded our scope and added new assets that are now eligible for testing.

  • [Asset name]

  • [Asset name]

  • [Asset name]

Please review the updated scope before starting your tests. We’re curious to see what you find.

Happy hunting,
The [Company name] security team

โŒ Out of scope update
Communicate that specific assets have been removed from scope and are no longer eligible for testing or reward.

Example

Assets moved out of scope

We’ve made some changes to our bug bounty program and want to make sure you're up to date. As of [Date], the following assets have been moved out of scope.

  • [Asset name]

  • [Asset name]

  • [Asset name]

Please avoid testing these out-of-scope areas moving forward. Any findings related to them will not be eligible for bounty consideration. We appreciate your attention to these updates.

The [Company Name] security team

🚀 Release update
Announce the release of a new version, feature, product, or system that may affect the testing landscape or scope.

Example

New release deployed!


Dear researchers,

We’ve deployed a new release that may affect the testing landscape.

Release highlights:

  • [New feature]

  • [Feature update]

  • [Other change]

For more information, go to: [Link to changelog or documentation]. You may notice changes in behavior while testing. As always, we appreciate your help in identifying any security issues introduced by this release.

Happy hunting,
The [Company name] security team

🔑 Credentials update
Communicate changes to test credentials or access details required for security testing, such as new or updated test accounts, passwords, API keys, or authentication requirements.

Example

New credentials available


Hi all,

We’ve uploaded new test credentials for the following in-scope assets:

  • [Asset Name]

  • [Asset Name]

  • [Asset Name]

Use the Credentials button in the top-right corner to request new credentials. If you experience any issues, feel free to contact Support.


Happy hunting,
The [Company Name] security team

💲 Bounty update
Inform researchers about changes to the bounty table, including bounty increases or additional bounty tiers.

Example

Bounty table update – New rewards incoming!

We’ve made some exciting changes to our bug bounty program. Starting today, our bounty table has been updated to [briefly explain why you made these changes, such as better reflecting impact or encouraging focus on specific vulnerability types].

What’s new?

[Describe what changed, for example increased bounties or new bounty tiers]

The new bounty table is now live. All qualifying submissions from [Date] onward will be evaluated against the updated bounties.

Thanks for continuing to help us raise the bar on security!

The [Company name] Security Team

➕ Bonus update
Announce temporary or special incentives offered in addition to standard rewards, often tied to events or limited-time challenges.

🎁 Swag update
Inform researchers about non-monetary rewards offered for participation.

📝 Rules of engagement reminder
Restate or clarify the rules researchers must follow when participating in the program, with a focus on safe and authorized testing behavior.

Example

Rules of Engagement Reminder

Dear Researchers,

We're currently [experiencing heavy loads because of intrusive testing]. Please follow the Rules of Engagement [Link] outlined in our bug bounty program.

Please also keep in mind the Intigriti Code of Conduct, which expects you to adhere to program rules at all times.

Thank you for your continued cooperation and dedication.

The [Company name] Security Team

📄 Researcher instructions
Provide practical guidance to help researchers navigate the program effectively, such as where to find documentation, how to access specific assets, or how to approach testing within scope.

Example

Researcher instructions and guidance


Dear researchers,

To help you navigate our program effectively, we’re sharing some practical guidance before you start or continue testing.

How to get started:

  • Documentation: [Where to find technical documentation or references]

  • Access: [How to request credentials or access specific assets]

  • Testing approach: [Recommended way to approach testing within scope]

This information is intended to help you find what you need quickly and avoid unnecessary friction while testing.

If you have questions or need clarification, feel free to reach out via support.

Happy hunting,
The [Company name] security team

๐Ÿ™ Researcher acknowledgement
Recognize or thank the wider community for their contributions.

Example

Thank You for Your Contributions!

We want to take a moment to recognise and thank all the researchers who have submitted valid reports to our bug bounty program. Your findings help us identify vulnerabilities early and strengthen our security.

We appreciate your time, expertise, and dedication.
The [Company Name] security team

💡 Note: If you would like feedback on the content of a program update, you can contact your customer success manager for guidance before publishing.

Best practices

  • Use clear and descriptive titles so researchers immediately understand the purpose of the update.

  • Keep messages concise and focused on what changed and what researchers should do.

  • Align program updates with changes made to scope, credentials, or rules to avoid confusion.
