Program updates allow you to communicate to the researchers on your platform and can be used as an effective way to drive activity and engagement on your program.
Researchers will receive an e-mail directly from you when you send out the update.
When can I use Program Updates?
Program updates can be used for many different reasons, below are the most common uses:
Functionality updates - you could sync these updates to your release cycle and even opt to send them out automatically based on release notes, using our API.
Technical updates - a new version or a rewrite of certain aspects of your applications, can also be communicated through an update
Changes to the test credentials you're providing, for example when more privileges are being offered in the testing scope
Additional (temporary) incentives - a Bonus Week where researchers receive a 20% bonus for certain assets, vulnerabilities etc.
Highlighting program rules
Who gets notified?
On a Private program: All researchers who have accepted the invitation will receive the update.
On an Application program: all researchers who accepted the invite before the change from Private to Application program + all researchers who have submitted a vulnerability on your program since
Registered or Public program, same as application + all researchers who are following your program
!! Important note
If you send out an update about a scope change, be sure to also update the Domains or Program Details!
Where can I send out an update?
As a Program Editor, Program Admin or Company Admin, you can go to the Program menu / Updates and prepare an update. You can prepare an update as a draft and publish it later.
Updates can be found in the program menu:
Updates can be drafted and saved as a draft (Save) or Published immediately.
You can write a draft and ask you success manager to double check.
Examples
New Functionalities
Title: New functionalities available!
Body:
Dear researchers,
Good news! We have added new hunting ground to our program!
As of now, we support xx functionality on xx applications.
We're curious to know what you can find ππ
Happy hunting,
Heavy Scanning
Title: Note on Heavy scanning
Body:
Dear researchers,
We are currently experiencing heavy loads because of intrusive testing.
Please stop your heavy scanning and adhere to the limit of 5 requests / second, as stated in the program description.
Keep in mind the Intigriti code of conduct which expects you to adhere to program rules at all times.
βhttps://kb.intigriti.com/en/articles/5247238-community-code-of-conduct
Thanks,
New Feature
Title: New feature released
Body:
Dear researchers,
β
We released a lot of new features. You can find all information here: [link]. We look forward to seeing what new vulnerabilities you might discover.
The new features involve:
β¦
Happy hunting!
Regards, the security team
New Scope
Title: New scope released
Body:
Dear researchers,
We added 2 new domains to our bug bounty program (tier [x]):
Xxx
Xxx
Happy hunting!
β
Regards, the security team
New Credentials Uploaded
Title: New credentials available
Body:
Hi all,
We have uploaded new credentials and deleted all the old credentials for the following assets in scope:
Asset 1
Asset 2
You can use the credentials button in the right top corner to request new credentials! Feel free to reach out to support if you have any issue with these credentials.
Happy hunting!
β
Regards, the security team