Intigriti EB Hacker Report 2024


The Ethical Hacker Insights Report 2024

STRENGTH IN NUMBERS: UNLOCKING THE VALUE OF CROWDSOURCED SECURITY


Table of contents
A note from Inti, Intigriti’s Chief Hacker Officer
Methodology
Return on Security Investment (ROSI)*
Glossary
Demographics: Uncovering the people behind the craft
Exploring the unique skillsets of this dynamic community
What makes a bug bounty program attractive?
From novice to expert: The educational power of bug bounty programs in cybersecurity
Researcher spotlight: @Itsirkov
A strong preference for bug bounty platforms
The power team behind Intigriti’s platform: community enablement
A community that believes in being thorough
Going beyond point-in-time testing
Hybrid pentesting
Retesting vulnerabilities
Financial gain continues to remain the primary motivator
Getting the financial incentive right and staying competitive
Determining your bounty budget
Balancing speed and security: Personio’s bug bounty program enables agile development
Key takeaways
About Intigriti
Contact us

2 / THE E THIC AL HACKER INSIGHTS REPORT 2024


A note from Inti, Intigriti’s Chief Hacker Officer

Crowdsourced security has officially earned its stripes in security testing.

This is evidenced by major brands such as Microsoft, Nestle, Coca-Cola, Monzo and Intel, all of which have adopted Intigriti’s bug bounty platform in recent years. Their engagement underscores the solid reputation that this form of security testing has established over the last five years, definitively proving its value within the cybersecurity community.

A major force behind this trend is the challenge CISOs globally face to ensure continuous security coverage of assets, particularly during periods of rapid business growth or change. Further, in recent years cybersecurity teams have had to operate with reduced budgets¹, fewer staff and limited resources according to Enterprise Strategy Group. They needed a solution that could extend their capabilities, and many adopted crowdsourced solutions found on platforms such as Intigriti.

Crowdsourced security testing means CISOs can leverage a global community of security researchers to continuously test for new and undiscovered vulnerabilities on one platform. This approach not only maximizes their Return on Investment (ROI) but also enhances their Return on Security Investment (ROSI)*, enabling them to invest less now to avoid higher costs in the future.

With this Ethical Hacker Insights report, you’ll get access to a demographic breakdown of Intigriti’s ethical hacking community. Plus, we’ll offer practical strategies for cybersecurity leaders to do more with less.

Knowledge is the best defense against malicious actors. Are you ready to outsmart them?

Keep reading to unlock:
› How ethical hacking communities become an extension of your team: Access to the most current and competent security specialists in the world.
› Tactics to elevate your security testing strategies: Transition away from traditional point-in-time testing and bring in greater incentivization.
› Strategies to enhance the appeal of your program: Drive engagement and get more results.

Inti De Ceukelaire
CHIEF HACKER OFFICER

¹ go.intigriti.com/reduced-budgets


Methodology

Intigriti collected the responses of 550+ security researchers over the course of April 2024.

To qualify for the survey, respondents must have hunted for a bug bounty at least once in their life. We also analyzed more than 640 bug bounty tables across multiple industries to help organizations benchmark against their industry peers and make an informed decision about how to reward security researchers for reporting vulnerabilities.

Researcher pictured: youngvanda


Return on Security Investment (ROSI)*

“Return on Security Investment” (ROSI) is a strategic concept that quantifies the value derived from allocating resources to cybersecurity measures.

It emphasizes that the budget spent on cybersecurity should not only be viewed as an investment but as a crucial prevention tactic against potentially costly and damaging cyberattacks.

ROSI calculates the financial value that security measures contribute by reducing the risk and potential costs of security incidents. ROSI helps organizations determine the effectiveness of their security spending by comparing the cost of security implementations against the financial losses prevented. This calculation supports strategic decision-making by highlighting the economic benefits of investing in robust security systems.


Glossary

Bug bounty programs often come with a set of terminologies and jargon specific to the field of cybersecurity and ethical hacking. Here are some common terms used within this report:

🔍 Security researchers
Also known as ethical hackers or bug bounty hunters, security researchers are cybersecurity experts who use their skills and expertise to hack for good.

🔍 Bug bounty program
A bug bounty program allows independent security researchers to report bugs to an organization in exchange for recognition and compensation. Programs can be private or public.

🔍 Bounty
If a vulnerability report is accepted by the organization it relates to, they’ll pay the security researcher a reward or compensation which is better known as a ‘bounty.’ This incentivizes individuals to disclose potential threats, enhancing the overall security posture of the organization. Eligibility criteria and reward amounts are outlined in the program’s policies and guidelines.

🔍 Triage
Completed by a highly experienced team of security analysts, the triage process validates submissions based on defined criteria. The purpose is to filter out duplicate reports and ‘out of scope’ submissions, as well as reproduce the vulnerability, based on the information presented by the researcher. The vulnerability’s severity rating is also suggested by triage during this stage.

🔍 Crowdsourced security testing
Crowdsourced security testing is a method used in cybersecurity and software testing. It is characterized by the engagement of a diverse and geographically dispersed group of security researchers to assess and evaluate the security posture of a digital system, application, or software product.


Demographics: Uncovering the people behind the craft

The majority of ethical hackers are in full (37%) or part-time (8%) employment. Yet, 12% are now hunting for bounties full-time, with 83% of this group spending time hacking daily.

37% of Intigriti’s community are in full-time employment
12% are full-time bug bounty hunters
68% have an undergraduate or master’s degree
19% have a Certified Ethical Hacker (CEH) certificate

We look at the researcher community as our partners, not as our adversaries. They have a very different way of looking at our attack surface compared to those who are internal and potentially building the product itself.

Madeline Eckert
SENIOR PROGRAM MANAGER ON THE RESEARCHER INCENTIVES TEAM


Exploring the unique skillsets of this dynamic community

The strongest area of expertise from the community is web application security testing with 90% citing this as their strongest skillset—which perhaps makes it unsurprising that this is also the area which the community focuses most of their time on.

API (53%) and Linux (30%) testing are also leading areas of focus, suggesting a robust capability in identifying and addressing security gaps across different platforms.

Lower engagement in areas like iOS mobile applications and wireless penetration testing reflects a more niche focus within the community.

Top 8 skills from our community:
Web application security testing 90%
Vulnerability research 56%
Mobile application security testing 39%
Network penetration testing 37%
Source code review 21%
Social engineering security testing 12%
Cloud security testing 11%
Wireless penetration testing 10%

Top 8 areas of focus from our community:
Web applications 96%
APIs 53%
Linux 30%
Android mobile applications 27%
Open source 23%
Windows 18%
Operating systems 12%
iOS mobile applications 7%


What makes a bug bounty program attractive?

The scope of a bug bounty program is a significant factor for ethical hackers, with 61% citing lots of scope and 54% choosing fresh scope as motivation for engaging with a program. Additionally, 19% reported a variety of vulnerabilities were important. This indicates a preference for programs that offer a wide and evolving range of targets for testing.

Additionally, the interaction of security teams is highly valued, with 41% of respondents attracted to programs with a responsive team and 19% emphasizing the importance of relationship building. This underscores the importance of interaction and feedback in the bug bounty process.

The reputation of the program and the potential for high rewards also play crucial roles, with 34% of respondents attracted by a good reputation and almost a quarter (24%) by large maximum payouts.

What attracts you to a particular bug bounty program on Intigriti?
Lots of scope 61%
Fresh scope 52%
A responsive team 41%
Good program reputation 34%
Large maximum payout 24%
The program is private 24%
A familiar brand 23%
Fast time to payment 22%
Lots of vulnerabilities 19%
Build a relationship with the security teams 19%


From novice to expert: The educational power of bug bounty programs in cybersecurity

When asked about the most effective way to learn about emerging threats, 46% of respondents identified bug bounty hunting as the top method. This was closely followed by personal research and training (44%). In contrast, only 6% considered on-the-job training as the best way to stay informed about new threats.

Fast facts:
› 18% of respondents have secured a job opportunity with a company from participating in their bug bounty program.
› 74% of respondents participate in bug bounty programs to learn.
› 65% of respondents who have participated in a Vulnerability Disclosure Program (VDP) do so because they are an effective way to practice and learn.

More than two-thirds (68%) of Intigriti’s community feel confident or very confident staying up to date with emerging security threats, despite 45% of respondents stating they receive no formal training from their employers.

The challenges they face with keeping up with threats:
Limited time for research 49%
Volume and diversity of threats 40%
Staying up to date with the latest security testing tools and techniques 34%
Limited resources for training 31%
Sophistication of cyber threats 29%

Researcher pictured: tamaytandiran


Researcher spotlight: @Itsirkov

My greatest achievement in ethical hacking was when I was invited to a private bug bounty program, and during my participation, I discovered 18 critical vulnerabilities within 30 days of hacking.

Demonstrated impact included exploiting vulnerabilities of different categories, such as broken access control issues, server-side injections and common misconfigurations.

As a result of my findings, I was awarded €57,250 and was ranked #1 on the private program and monthly leaderboard. Here, I’d like to highlight that I had the opportunity to collaborate with an amazing security team on this program that took security of the organization very seriously and fully engaged with my reports.

Collaboration between ethical hackers and internal security teams can be incredibly impactful.

I personally believe that we will see more bug bounty programs launch in the coming years due to the effectiveness of the model and access to talented ethical hackers on platforms, like Intigriti. The community has already grown a lot in recent years.


A strong preference for bug bounty platforms

The survey highlighted that 40% of respondents won’t contribute to bug bounty programs outside of a bug bounty platform:

Why researchers won’t contribute to bug bounty programs outside of a bug bounty platform:
Communication is often poor 47%
Responses are slow 44%
Less support available 27%
You don’t get the legal framework a bug bounty platform provides 26%
Lack of triage department 24%

Communication is key
These responses highlight the importance of communication in bug bounty programs. Nearly half (47%) of respondents reported poor communication as the top reason for not working with programs outside established platforms.

Additionally, 44% of respondents cite slow responses as a major deterrent, indicating the need for timely feedback and acknowledgment.

A lack of such leads to frustration and demotivation, reducing continued engagement. Yet, on the contrary, effective communication clarifies doubts, provides updates, and ensures participants feel valued.

Streamlined processes and triage provide efficiency
A sizable portion of respondents (36%) are put off by the lack of streamlined procedures in independent programs. Without well-defined workflows, contributors find it difficult to navigate the reporting and validation processes.

Moreover, 24% note the absence of a dedicated triage team as a barrier, which can lead to chaotic and inefficient handling of reports.

Legal frameworks support collaboration
A lack of legal protections and frameworks, noted by 26% of respondents, falls short of providing a safe and compliant environment for security researchers and organizations to collaborate.

Researcher support enables contribution
Furthermore, 27% feel there is insufficient support outside of formal bug bounty platforms, hindering effective contribution and issue resolution.

Fostering transparent communication, providing clear guidelines, and ensuring responsive support are crucial for the success of bug bounty programs.


The power team behind Intigriti’s platform: community enablement

Intigriti’s community enablement team bridges the gap between our researchers and our customers.

The aim is to empower our researchers so that they feel motivated and excited to hunt on our customers’ programs. The team achieves three main goals:

🎯 Expand our community through multi-faceted marketing activities and provide the resources and support to help researchers grow.
🎯 Drive engagement on Intigriti’s platform through a combination of enticing bug bounty programs, live hacking events, and competitions.
🎯 Elevate and amplify the profiles of high-performing researchers, particularly those pioneering ground-breaking vulnerability research.

Community development
At Intigriti, we prioritize the development of our community because we know that this leads to more engaged researchers and better results for our customers. We regularly deliver free training materials, monthly challenges, conferences, and live hacking events.

Community support
With an average response time of one hour, our support reps are ready to assist researchers all through the week. They ensure uninterrupted workflow, enabling researchers to swiftly submit vulnerability reports to programs. This unmatched responsiveness increases our reputation, brings more hackers to our platform, and drives results for our customers.

Unrivalled triage
Intigriti’s triage team is the glue between our researchers and our customers. As security analysts themselves, they are perfectly suited to facilitate communication and provide support to both parties, ensuring seamless collaboration and enablement in both directions.

Researcher pictured: fattselimi


After two and a half years of #bugbounty, I can say that Intigriti is the best platform. It’s where I feel at home, and it has literally changed my life.

Leorac
INTIGRITI SECURITY RESEARCHER

The incredible triage team at Intigriti may not be listed as a feature, but they are certainly our favorite aspect. Numerous times, after assessing a researcher’s submission, I’ve turned to the internal chat with a question, only to discover that the team had already proactively addressed my concerns without me even asking.

Arnau Estebanell Castellví
LEAD SECURITY ENGINEER

I really enjoy the personal touch Intigriti’s researcher support has. I feel seen and cared for as a hacker.

Renniepak
INTIGRITI SECURITY RESEARCHER


A community that believes in being thorough

Intigriti’s researcher community is extremely diligent, as indicated
through the survey results. An impressive 88% of researchers retest
vulnerabilities after they have been resolved, demonstrating a robust
verification process. This practice ensures that fixes are effective and
sustainable.

The outcomes of these retests are mostly positive, with 65% of researchers
finding that the vulnerabilities are generally fixed. However, 14% noted that the
vulnerabilities required further remediation steps, and 21% discovered new issues
during retesting. This encapsulates the dynamic nature of cybersecurity, where
fixing one issue can sometimes reveal others.

The efficiency of the retesting process is notable, with 38% of researchers completing their retests in less than an hour and 30% taking less than two hours. This quick turnaround highlights the agility and value that bug bounty programs bring to organizational security, ensuring rapid verification of fixes and continuous improvement of security measures.


Going beyond point-in-time testing

The survey responses indicate that security researchers see real
limitations of traditional point-in-time penetration testing in
providing continuous security assurance. A significant 81% of
researchers believe that such testing fails to ensure year-round
protection.

Furthermore, only 32% of these researchers think that traditional pentesting would
identify many of the same vulnerabilities uncovered during bug bounty hunting,
suggesting that bug bounty programs are more effective in finding diverse and
unexpected issues in a more creative way. This highlights the necessity for more
dynamic and ongoing security measures.

Researcher pictured: deleite


Hybrid pentesting addresses these gaps

Intigriti’s hybrid pentesting effectively merges the incentivization elements of bug bounty programs with the structured, time-boxed methodology of traditional penetration testing. This model not only ensures a consistent income for researchers but also promotes exhaustive testing.

Under this approach, researchers receive a fixed base bounty for each day of testing, complemented by the chance to earn extra rewards from a bounty pool for identifying vulnerabilities. This structure further incentivizes researchers to conduct thorough and diligent testing.

Notably, 81% of survey respondents indicated they would be more motivated to find vulnerabilities in a hybrid pentest scenario compared to traditional pentesting.

The hybrid model not only boosts ROI by introducing competitive and incentivized efforts but also significantly improves the Return on Prevention (ROP).

By integrating continuous and proactive security measures, organizations can better prevent costly and damaging cyberattacks, thereby reducing potential financial losses and enhancing overall security posture.

Intigriti’s annual hybrid pentest solution gives us a cost-efficient solution with a higher quality specifically aimed at our custom software. The innovative approach also fits in well with our ISO27001 policy and we are convinced that it mitigates more risks than a traditional pentest.

Robert Van Bloem
DEVELOPMENT MANAGER


Traditional pentesting, bug bounty programs and hybrid pentesting compared

Objective
Traditional pentesting: Focused testing for regulatory compliance and proactive security measures
Bug bounty programs: Thorough and continuous testing to maintain proactive security
Hybrid pentesting: Focused testing for regulatory compliance and proactive security measures

Approach
Traditional pentesting: Methodology-driven, time-bound
Bug bounty programs: Creative testing, ongoing
Hybrid pentesting: Methodology-driven and creative testing, time-bound

Results
Traditional pentesting: Predictable and almost immediate, can range from low to exceptional severity
Bug bounty programs: Continuous pulse of immediate reports, can range from low to exceptional severity
Hybrid pentesting: Predictable and immediate, can range from low to exceptional severity

Incentives
Traditional pentesting: Paid for time, no competition amongst testers
Bug bounty programs: Paid for results, high competition among testers
Hybrid pentesting: Competition among testers, paid for time and paid for results

Duration
Traditional pentesting: Point-in-time, repeated at regular intervals
Bug bounty programs: Continuous
Hybrid pentesting: Flexible, on-demand and scalable


Retesting vulnerabilities

[Chart: The importance of businesses asking hackers to retest vulnerabilities after they’ve been fixed, according to hackers]

Proactively inviting researchers to retest a vulnerability they submitted provides another layer of assurance
A significant 95% of the community are likely or very likely to retest a vulnerability
they submitted if requested, indicating a high level of engagement and willingness
to contribute to continuous security improvement.

The survey results also highlight the critical role of retesting in vulnerability
management in the eyes of our community, with 99% of respondents affirming its
importance to a varying degree. This consensus reinforces that retesting provides a
crucial layer of assurance in maintaining robust security practices.

The value in retesting vulnerabilities according to researchers:

Not every vulnerability fix is accurate 69%

It can uncover new issues caused during remediation 68%

It keeps security teams accountable 43%

It offers a second chance to highlight high-priority security weaknesses 26%

It requires little time and resources, and so companies should make the effort 20%



Financial gain continues to remain the primary motivator

Researcher pictured: Bruhbey

Three-quarters (75%) of the community participate in bug bounty programs because they value the learning opportunities, 40% enjoy the challenge, and 25% wish to contribute to global security.

However, the driving force behind the participation of 77% of researchers in bug bounty programs is financial rewards.

Why do you participate in bug bounty programs?

The money 77%

To learn 75%

The challenge 40%

For fun 25%

Help make the world more secure 25%

To be part of a community 22%

For recognition 12%

For swag and freebies 8%



Getting the financial incentive right and staying competitive

As part of this report, Intigriti analyzed the data of 640 bug bounty tables. Compared to March 2023, the average bounty reward has doubled. Looking at the median bounty amount, it increased by 13%.

The increases in bounty rewards across various industries reflect evolving cybersecurity priorities. In blockchain, established players are doubling down on their programs, resulting in a 180% increase in rewards. Many food and beverage companies are also increasing the median bounty pay-out after cleaning up the low-hanging fruit of lower severity vulnerabilities. Healthcare has seen significant buy-in from larger players, boosting budgets and resulting in a 63% increase. Government programs are expanding as digitalization increases the industry’s scope, contributing to a 21% growth.

Conversely, sectors like banking, entertainment, and professional services show small decreases, reflecting minute shifts in cybersecurity investment dynamics.

Industry medians
Blockchain 180%
Food & beverage 71%
Healthcare 63%
Retail/eCommerce 54%
Manufacturing 32%
Finance 31%
Government 21%
Public sector 14%
Media 1%
Entertainment 3%
Banking 5%
Professional services 9%


Determining your bounty budget

A question we’re often asked is what budget organizations should allocate for a bounty reward. To make this math a little easier, Intigriti has created a tool called the Bug Bounty Calculator to estimate a recommended table for you.

Bug bounty table explained
A bug bounty table is a tool used in bug bounty programs to outline the rewards offered for finding and reporting vulnerabilities. It sets clear expectations for hackers and ensures consistency in reward amounts.

Bounty tiers explained
Bounty tiers allow for different reward structures based on scope. For instance, critical sections of your website, like payment modules, might offer higher rewards to incentivize researchers to focus on them. Additionally, tiers can reflect the level of effort required or the maturity of certain scopes. As scopes mature, they may progress to higher tiers.

Determining your bug bounty table
Several factors need to be considered to answer this question, including:
› The industry of the business the program belongs to
› Size and scope of the program
› The average cost of a vulnerability.

Intigriti’s Bug Bounty Calculator
The Bug Bounty Calculator uses the aforementioned factors to estimate the cost of a bug bounty reward. The severity of a vulnerability is calculated using the CVSS v3 calculator.

Estimate your bug bounty table
Scan the QR code or go to go.intigriti.com/EHR24-bug-bounty-calculator


Balancing speed and security: Personio’s bug bounty program enables agile development

About Personio
Industry: Technology
Employees: 2,000+
Customers: 10,000+

The challenge
As a rapidly evolving tech firm, Personio is constantly enhancing their existing security posture. The continuous deployment of new features meant a more dynamic and responsive method to maintain security integrity was needed.

The solution
Personio implemented Intigriti’s bug bounty program early in their application security program development. This decision allowed Personio to leverage crowdsourced security efforts, ensuring continuous and comprehensive testing of their platform. Intigriti’s managed triage team provided invaluable support, handling the constant flow of bug bounty activities and integrating seamlessly with Personio’s existing tools like Jira.

The result
The collaboration with Intigriti led to significant improvements in Personio’s security posture. Specific achievements included:
› Discovery of critical vulnerabilities: Identifying and mitigating risks such as input sanitization issues that could lead to XSS and other vulnerabilities or misconfigured domains that could lead to subdomain takeover.
› Proactive security measures: The insights from the bug bounty program initiated internal projects that not only addressed identified vulnerabilities quicker, but also improved overall security methodologies and tooling.
› Continuous testing assurance: Intigriti’s managed triage team ensured that Personio’s platform was continuously tested by top security researchers, providing confidence in the platform’s security.

The bug bounty program starts providing value from day one and can influence internal decisions in the application security program.

Carles Llobet Pons
SENIOR SECURITY ENGINEER


Key takeaways

1. Bug bounty programs provide a platform for relevant and timely security knowledge.
They offer practical, hands-on experience for security researchers and internal teams that traditional education and training routes cannot match. Participants value these programs for their learning opportunities, with many considering them the most effective way to stay updated on emerging threats.

2. The incentivization format of point-in-time security testing is shifting.
Traditional penetration testing often fails to provide continuous assurance. Hybrid pentesting, which combines traditional methods with bug bounty programs, addresses this gap by offering a base bounty and additional rewards for discovered vulnerabilities, enhancing ROI and ROP through continuous engagement.

3. Retesting: Very little effort required but leads to significant assurance.
Retesting vulnerabilities is a critical component of effective vulnerability management. With 95% of researchers willing to retest upon request, this process ensures that fixes are effective and helps uncover new issues, significantly bolstering security posture.

4. Staying competitive is vital in an already competitive world.
Using tools like Intigriti’s bug bounty calculator can help organizations assess and improve their bug bounty programs, ensuring they remain attractive to top security talent and proactive against evolving cybersecurity threats.


About Intigriti

Malicious hackers do not follow a predefined security methodology like penetration testers, and automated tools only scratch the surface. Intigriti connects the brightest cybersecurity researchers from across the globe with organizations to outmaneuver cybercriminals by staying on top of the evolving threat landscape.

Ready to outmaneuver cybercriminals with global crowdsourced security?
Book a meeting today
Or go to go.intigriti.com/EHR24-contact

Trusted by the world’s largest organizations

What to expect

Leave the hassle of triaging behind
Our expert 24/7 triage team verifies all reports, saving your team time and ensuring only valid submissions reach you.

Security assurance
We support your compliance requirements with ISO 27001 and SOC 2 certifications. Our Trust Center provides a live dashboard where you can gain insights into our security and compliance posture in real-time.

Easy communication
Seamlessly interact with security researchers on the Intigriti platform for updates, questions, and scoping new domains.

Streamlined processes
Our legal framework ensures swift payment processing in days, outpacing the industry standard by weeks.

Program oversight
Our dedicated technical customer success team is committed to attracting top-tier security researchers to your program, while conducting regular reviews to ensure sustained momentum post program launch.


100K+ Researchers active on the Intigriti platform
9.2 Net Promoter score
1.5 day Average triaging*
100K+ Total vulnerability reports have been filed
€26M+ Rewards paid to the community
400+ Active programs
32 Countries serviced with our solutions

*12 business hours is the time it takes on average for Intigriti to review and validate a vulnerability report

Information from Q2/2024. We are constantly growing, so please contact our sales department or see our website for an accurate number.


Contact us
Need some help getting started with ethical hackers?
Our experts can help you maximise the success of your bug bounty
program. Get in touch today to connect with the brightest and most
experienced researchers on the globe.

www.intigriti.com