Almost ready to launch your program? Your program manager and Success manager will guide your every step of the way, but this can act as your reference in the process.
Let's make sure we've checked all the boxes!
1. Emergency contacts
Emergency contacts can be setup in the in Admin Section/ Company information page. Setting this up will ensure you receive an automated text notification when a new critical or high report is submitted.
Note: The text is sent immediately upon submission, before it passes through Triage, so these might also contain false positives.
Has the budget been uploaded and added to the program?
3. Bounty table
Has the default bounty table been adjusted for your organisation?
4. Default Assignee
In the program menu / members, double check the default assignee is set correctly. This person will be automatically assigned when the submission is verified by triage
5. Email notifications
Also under program menu / members, make sure the right people have email notifications turned on. Be aware that each user can define their own email notification preferences in their own profile.
6. Internal communication
Is the development team aware of the launch
Will there be some room to fix potential critical and high severity issues in the near future?
Is the communication department aware in case of a public launch?
Is the operational team aware in case things like support forms or orders may be in the scope?
7. Test Credentials
Do you need to provide test credentials for your application? Are they ready to be distributed? Talk to your Success Manager to define the best way to deliver them to the researchers.
8. List of known Issues
Is there a list of known issues? Maybe the result of a recent pentest which still has some issues unresolved?
We advise to share this with Intigriti, so that the triage team can already close these out as duplicates in case they would be reported by a researcher as well. Please share with your Success Manager in a secure way (usually through a password protected .zip file)
9. Invite researchers
Does your program have researchers lined up for launch? If not, Intigriti Program Manager will take care of this after the last step
What kind of restrictions should be taken into account?
E.g. Should the researchers be ID checked or should some countries be excluded?
Be sure to talk to your Success Manager about these restrictions so that Intigriti can take this into account when selecting researchers for your program.
10. Program Settings
Check all program settings in the program settings page:
Researcher collaboration on?
ID-checked researchers only?
Who can see the leaderboard?
Additional Terms & Conditions?
Which information to disclose to researchers?
11. Final check by Intigriti Program manager
Did a program manager at Intigriti go over your program one last time, ensure there are no clarifications or changes needed? If not, please reach out to your Success Manager to make sure we cover this step.
Are the test credentials ready to be distributed and working?
Does the domain section make sense, for example that we didn't forget to include an API or accounts domain which is being called from the main application.
Double check all other program sections
Select and pre-invite researchers according to your requirements.
12. Prepare for incoming submissions
Please check the following article to understand what the submissions will look like as they are being reported, and which actions you can take, which actions the Triage team can take, how to communicate with researchers and more.
13. Understand what to do in case of unwanted behaviour
In the off-chance you would be seeing unwanted traffic on your applications, you can take a look at the following articles for tips on how to react:
Now, you're all ready! Best of luck with the launch of your program!