Hybrid Pentests are the newest approach to security testing from intigriti, combining the best of both worlds from traditional pentests and bug bounty programs. Hybrid Pentests only have one researcher scheduled at a time and always require an application. But not every researcher has the ability to apply for Hybrid Pentests by default. Since you would be closely working with customers, intigriti wants to make sure that we grant this privilege primarily to those who have proven their mettle (both technical skills as well as ethical and good conduct are required).
General Eligibility Criteria
As a researcher the following criteria need to be met to enter the qualification for Hybrid Pentest Eligibility:
Identity must be verified
Must be active on the intigriti platform for at least one year
At least 80% of submitted reports must be valid
At most 33% of reports may be deemed “informative” only
At least 50% of reports must have been eligible for bounty
If equivalent performance on comparable platforms can be demonstrated, these criteria may also be considered fulfilled. The same goes for researchers who were engaged in part- or full-time employment with the main responsibility of conducting pentests for IT assets.
Specific Eligibility Criteria
If the General Eligibility Criteria are met, researchers are qualified to hold an interview with an intigriti Hybrid Pentest Manager. During this short interview, we will evaluate:
Knowledge and skills specific to pentests
Ability to interact with intigriti customers in a professional fashion
If the Hybrid Pentest Manager deems the criteria met, the researcher will receive a flag as “eligible for Hybrid”, granting access to the ability to apply for Hybrid Pentests.
Eligibility for specific Hybrid Programs
Companies may set out additional specific criteria for researchers to be invited to their programs, depending on their requirements and given sufficient reason (such as legal requirements, internal policies, researcher criteria specific to the scope of the Hybrid Pentest). This is no different from continuous programs but anyway worth mentioning.
Researchers can be excluded from the possible participation in Hybrid Pentest Programs if there is any instance of violation of either Researcher T&C and/or violation of Code of Conduct. The same goes for expressing explicitly unprofessional behavior towards intigriti staff or intigriti customers. In both cases the “eligible for Hybrid” flag may be removed from the researcher, preventing further participation in Hybrid Pentest Programs. Depending on the severity of the violation intigriti may also apply further penalties, such as temporary or permanent bans.