Intigriti believe that transparency is important and public bug bounty write-ups are a valuable source of knowledge for the bug bounty community. Companies, however, may have legitimate reasons not to disclose (fixed or unfixed) vulnerabilities.
If you want to disclose a submission to any party other than Intigriti and the company involved, regardless of its severity or its state, you need to get approval from both the Intigriti team and the concerned company. The request should be in the form of a comment in the report itself as we currently do not offer a disclosure feature within our platform. Prior to written approval from the Intigriti team and the company, it is not allowed to disclose any information related to your submission. This also includes report titles, vulnerability types, endpoints, comments, bounty amounts or the company name.
Please refer to our community code of conduct for further reference pertaining to researcher guidelines.