TrueLayer boosts report quality and simplifies rewards with Intigriti
The challenge
Before collaborating with Intigriti, TrueLayer managed its own self-hosted Vulnerability Disclosure Program (VDP), welcoming security issues from the security researcher community. This was an important first step towards embracing crowdsourced intel and increasing the security maturity of their security team. Nonetheless, this presented several new challenges:
High volume of low-quality reports: Many reports were low effort and semi-automated, yet each required a specific response.
Complex reward coordination: Valid reports required coordinating bounty payments with researchers located in various countries, complicating the process due to different banking systems and currencies.
It’s essential to have a Vulnerability Disclosure Policy. Someone will inevitably test your product for security issues, so it’s important to clearly outline what they can and cannot test
Lee Boynton
Senior Cloud Security EngineerThe solution
TrueLayer sought to outsource the triaging of security reports, simplify the process of rewarding researchers, and focus on the remediation of potential issues. Intigriti provided the ideal solution by:
Managing report triaging: Filtering and validating security issues to focus on relevant reports.
Streamlining payments: Facilitating the reward process, making it easier and faster to compensate researchers for their findings.
The result
Today, TrueLayer is running a public program with significant improvements and benefits:
Time saver: With triage handling the initial filtering, their workload is reduced by 70%.
Consistent and qualitative report flow: Achieving a steady number of reports each month without overwhelming the budget, thanks to a controlled rollout and automated processes.
Enhanced security knowledge: Gaining insights into new offensive security techniques and better understanding TrueLayer's attack surface.
Efficient integration: Simplifying issue tracking with Jira integration and improving platform access with SSO integration.
For more details on how TrueLayer implemented their bug bounty program, read their blog post "How We Rolled the Bug Bounty Program Out"
TrueLayer
TrueLayer, an open banking payments network, aimed to strengthen its security measures while efficiently handling vulnerability reports. With a focus on maintaining high-security standards and rewarding researchers, TrueLayer partnered with Intigriti as a reliable bug bounty provider. Mainly because of Intigriti’s strong European presence and researcher knowledge, given TrueLayer primarily operates in the UK and Europe.
Industry
Financial Software
Employees
350+
Maximum pay-out
€ 6,000
Ready to streamline your security processes and achieve similar results? Book a demo with one of our experts today and learn how Intigriti’s service can benefit your organization. Contact us for more information and take the first step toward enhanced security.