Programs will provide you with all information needed to research the different company domains and assets, including confidentiality and bounty levels thereof. This information contains (ao.) the scope definition, bounty ladder, domain and asset specification, etc.
Apart from the content specifics, the program will also determine when and how much of its details can be disclosed to specific researchers. Several concepts are important to grasp the rules that the platform imposed in order to guarantee this confidentiality.
Each program has a mandatory confidentiality level setting which determines the population of researchers that a specific program will be accessible to. The confidentiality level be set to each one of following 4 values (a typical program will progress through these levels as it gains maturity):
Programs with this confidentiality level will not be visible to the researchers, unless they are personally invited by the company to work on the program. As from the moment an invitation is pending or accepted, this program will become visible to the specified researcher only.
Application programs will be visible to the great public, however only description and bounty level are disclosed to everyone. This way, anyone will know about the program, but not everyone will have all details to be able to research on this program. In order to gain access to all program details and start researching its assets, researchers are required to apply to the responsible program admin. Once this application is approved, all program details will be disclosed to that specific researcher.
Registered programs will only be shown once a researcher has logged in to the application (not advertised on the public website). Once registered as a researcher, you will be able to create submissions on this program without further delay.
Public programs are exactly what the name indicates: Public. These programs are shown on the public pages and all its details are available to the greater public. In order to submit a submission, it will still be mandatory to register an account as an intigriti researcher.
Some additional security measure you might run into
Identity checked only
Some companies prefer to have a better understanding of the researchers. They will ask any researcher to complete their intigriti ID check prior to being allowed to gain insights in the program specifics. The programs will be advertised according to their confidentiality level, but instead of displaying the program details, they will request non-checked users to get their ID checked first.
As a researcher you will only need to get your ID checked once, this setting will allow you to have faster access to each program requesting this additional security measure.
Terms and Conditions required
Some programs will require you to accept their specific terms and conditions prior to getting clearance to the program specifics. In this case, the program details page will ask you to accept these terms prior to displaying any program detail. Read through the Terms and Conditions and click accept in order to be able to research the program in its latest form.
When any change is made in these terms, your re-acceptance will be requested for this specific program.