Platform changelog

Companies

Updates to the LoA and Pentest Report

We've updated thep (LoA) and Pentest Report exports. For completed comprehensive pentests, we've added pentest checklist items to the reports.

Advanced Search on Submission

Overview You can now refine your searches on the submission overview. When using the text search, you can choose specific fields within a submission to search (e.g., Title, Internal Reference, Submission Code), making it easier to find the submissions you need.

Companies

Custom Bounties in the Company API For larger customers using our Company External API, you can now override the standard bounty amount and award custom bounties when accepting submissions, offering you more flexibility in rewarding researchers over API.

Addition of a 4th and 5th Bounty Tier We've added two new bounty tiers to provide you with more flexibility in customizing your program rewards based on the importance, complexity, and maturity of your assets. More details about bounty tiers can be found in our Knowledge Base.

Pentesting Checklists You can now request researchers to complete a web application testing checklist when they perform a pentest for your program. This will help ensure a more structured testing process.

Improvements to Credentials Upload We've improved the credentials upload functionality to ensure that the order of credentials you provide is maintained within the platform.

Researchers

Enhanced Onboarding Experience New researchers joining the platform will now go through an onboarding process. This will allow them to provide more information about their skills and preferences, helping them personalize their experience on the platform.

Improvements to Markdown Editor We've introduced some minor improvements to our Markdown editor, which you use for submitting and discussing vulnerabilities, to make your experience even more seamless.

Researchers

Engagement Logs

We've added a new feature that allows you to share data on the amount of time you spend hunting on the domains of a program. By submitting engagement logs, you'll be able to see insights into where other researchers have been focusing their efforts. Please note that we are currently in the data-gathering phase for this feature.

Full-Screen Inline Images

You can now click on images within the platform to open them in full-screen mode for easier viewing.

Companies

Program Budget Notifications

Company admins can now configure a budget threshold to receive notifications when their program budget falls below a specified limit. This feature is perfect for companies seeking an early warning before their program risks automatic suspension. More details about the low-budget notifications are available in the Knowledge Base.

Delete Hybrid Program Drafts

Admins can now delete drafts of hybrid programs, just as they can for bug bounty drafts. While launching programs is always our goal , this update helps maintain a clean platform by allowing the removal of unneeded or mistakenly created drafts.

Submission retesting is here!

Now, companies can request retests for accepted submissions to ensure vulnerabilities have been resolved. Simply specify a bounty and deadline for the retest. The researcher will confirm if the issue is still present.

For more information, visit our latest changelog

Companies

PDF and CSV Export

Exporting submissions as PDF or CSV is now available through the latest version of the Company External API, providing more flexibility and accessibility in handling submission data.

Researcher Platform Statistics

We've refined the researcher overview to allow toggling between program-specific stats and overall platform stats, addressing previous confusion and enhancing clarity.

Hybrid Program Export Improvements

Numerous improvements have been made to the Letter of Attestation and Pentest Report exports for Hybrid programs, ensuring more accurate and comprehensive documentation.

Researchers

Active Researchers

Researchers can now mark themselves as active on any non-VDP bug bounty program. On a program detail page, researchers will have the option to indicate through a toggle in the ‘Program actions’ card that they are 'active on this program and open to collaborate'

Messaging & User Mentioning

Enhanced messaging features and the ability to mention users directly in messages, improving communication and collaboration.

Learn more

VDP Guiding Principles

 Introducing guiding principles for Vulnerability Disclosure Programs (VDP) aimed at enhancing clarity and motivation for researchers.

Report Illegal Content on Our Platform

Users who encounter illegal content on the Intigriti platform can now report it directly through the platform. This feature aligns with our commitment to comply with the EU Digital Services Act (DSA) (Regulation (EU) 2022/2065).

Learn more

Companies

Jira integration deactivation notification

Customers will now receive email notifications if their Jira integration is deactivated, helping companies to quickly respond to unexpected issues.

View submission severity history

Company users can now view the entire history of submission severities, including previous severity vectors.

Improvements to the submissions overview.

We heard your feedback. The archived submission toggle is now accessible, directly visible in the submission overview, improving ease of use.

Researchers

Update to Hybrid Pentest notification

Researchers who have applied to Hybrid Programs will now be notified if the test window or expected effort changes. This ensures researchers can adjust their applications if the new schedule no longer fits their availability.

Cooldown period for Hybrid Pentest

When the test window in Hybrid Pentests is modified, a cooldown period has been added before companies can pick researchers. This gives researchers time to confirm their availability for the updated window.