Pen testing-meets-bug bounty model announced today
Intigriti has today announced a new program that will combine bug bounty hunting with penetration testing models to offer hackers payment by the hour for their time spent searching for vulnerabilities.
The European platform announced that its new venture will offer payment for the hours a participant spends searching for vulnerabilities as well as a capped reward for individual bugs.
This will enable companies to work with selected researchers on individual engagements within an agreed timeframe but also following a result-based rate, like bug bounty programs, Intigriti explained.
In a pilot phase leading to the launch, more than €100,000 ($106,000) was earned by researchers.
These so-called ‘hybrid pen tests’ will be available to applicants this summer, Intigriti’s Inti De Ceukelaire told The Daily Swig.
The new model was launched with the aim to “accommodate a sustainable working space for both companies and ethical hackers”, said De Ceukelaire, who spent 10 years as a bug bounty hunter.
He added: “I was contemplating a career as a full-time bug bounty hunter: I loved the idea of being able to work whenever I wanted from wherever I wanted, but could not deal with the uncertainty full-time bug bounty hunting brings, as you’re not being paid for [your] effort.
“With more companies implementing a bug bounty program and raising their payouts, I see more people shifting their career to become a full-time bug bounty hunter.
“On the other side, we see companies that [are] massively impressed by the results they get from bug bounty compared to pen tests, wanting to do more engagements with top performers on their program.”
Roll up, roll out
Intigriti said that funding for the program has so far reached €21 million ($22.3 million).
Researchers wanting more information on the new model can apply this summer on Intigriti’s website or apply to be part of beta testing.