New reward system to accelerate learning and growth on Detectify


Tl;dr: We have updated our reward system to make it easier for you to know what you might earn with Detectify Crowdsource. If your submission is accepted, you will now get paid a fixed reward regardless of technology. You will also get paid every time that vulnerability is found in our customers’ systems, from the first hit, with no limit on how many hits you can get.

Detectify Crowdsource is a platform for ethical hackers to scale the impact of their bug hunting through automation. Ethical hackers submit vulnerabilities they find in widely used technologies that are then automated and made available to thousands of Detectify customers around the globe to enable them to secure their external attack surface. Each time a vulnerability is found in a unique customer asset, a bounty is paid to the ethical hacker who submitted the vulnerability.

Since launching Detectify Crowdsource in 2018, we’ve issued over 250,000 USD to our private community of ethical hackers. Our reward system pays ethical hackers through continuous bounties instead of a single lump sum, as many bug bounty programs do. This unique approach to a reward system ensures ethical hackers continue to see the financial benefits of finding high and critical severity vulnerabilities in a wide variety of technologies over time.

Our new reward system will make it clearer what you may earn

Detectify fingerprints over 300 technology types across its global customer base. We presented a curated list of these fingerprinted technologies to our community members based on a few internal factors. We awarded “Guaranteed Payouts” to hackers if they found vulnerabilities in the technologies listed. This meant that if you submitted a critical vulnerability on Adobe Experience Manager (AEM) and it met our submission guidelines, you would be awarded $300 which was equal to 3 unique hits. However, you wouldn’t receive another award on this vulnerability until it got 4 unique hits as guaranteed payouts served as an advance on earnings.

However, we’ve learned from members that some have opted not to submit a vulnerability if its technology wasn’t on that prioritized list, because it wasn’t clear if they would earn anything. In most cases, we would accept technologies not listed so long as the submission followed our submission guidelines and was accepted by our internal research team.

We’re changing that by replacing guaranteed payouts with fixed payouts. As of Wednesday, October 12, 2022, all submissions that meet our submission guidelines and are accepted will receive a fixed payout when the submission goes live.

But that’s not the best part: you will also begin earning rewards on unique hits from your first hit. This means that if you submit a critical vulnerability and it gets 2 unique hits after it goes live, you will be awarded $500 (fixed payout of $300 plus $200 for 2 unique hits).

Our platform was built to help ethical hackers scale their work   

Unlike traditional bug bounty programs where ethical hackers can earn one-time rewards from individual companies, Crowdsource empowers them by democratizing security research. Ethical hackers can now scale their work by helping thousands of companies with a single submission, and receiving passive income with each finding on a customer asset.

In addition to what we’ve covered above, members of our community benefit from a variety of additional programs:

  • Quarterly Leaderboard Awards. At the beginning of each quarter, we award our top 5 users with a special gift recognising them for all of their hard work during the past quarter. 
  • Annual Leaderboard Awards. Ethical hackers on our platform dedicate hours to identifying high and critical severity vulnerabilities, which keeps our customers’ systems secure. We celebrate these hackers at the beginning of each year through custom swag awards, such as one of our 2021 winners.
  • Bonus Periods. We host bonus periods every few months on a variety of topics to inspire hackers to hack on new technologies or even respond to current events, like Log4j.

Combining human ingenuity and automation

Our community consists of 400+ brilliant ethical hackers that together have generated over 250 million vulnerability findings across the attack surfaces of our 2000+ customers. This monumental achievement from our community is fueled through their submissions, knowledge, and dedication to making the Internet a safer place. No wonder we are proud of them!

Interested in joining our community?

Wondering how you can join our community of leading ethical hackers? Try out our signup challenge to see if you have the experience needed to join Detectify Crowdsource here.




