We’ve shared details on how we select researchers to invite to our private bounty programs. These are programs that typically have higher payouts than our public programs. There’s also less competition with other researchers, since the number of invitees is relatively small.
Today I thought it would be interesting to our Crowd members to take a look at private bounty program invitations. With both public and private bounty programs and over 17,000+ security researchers, how does Bugcrowd choose who to invite to a private program? Is there a secret handshake? A password to a private clubhouse? Do I roll the dice?