One of the most Frequently Asked Questions Bugcrowd receives is “How can I as a researcher maximize my private bounty invitation potential?” Actively submitting critical issues and minimizing invalid submissions (Read the brief! Know the VRT!) are some of the best ways researchers can achieve this, but they only contribute to the first three aspects of how a private crowd is picked. The fourth aspect (trust) can take time to establish, as it is based on a researcher’s track record “of staying inside the terms of the bounty brief, which includes following the scope and honoring any non-disclosure requirements.” Researchers do have the option to opt into ID Verification with Bugcrowd however, which can significantly increase eligibility for invitations which may have specific restrictions.
As new industries adopt the Bug Bounty model, many (like financial institutions) may operate in highly regulated environments. Program owners may have geographic restrictions for the Crowd they can invite due to compliance or regulatory requirements and in these instances, Bugcrowd can only consider Crowd candidates who have ID verified, as this process confirms the country in which a researcher resides.
Bugcrowd uses a third-party provider, Netverify, to perform the identity check. Your privacy is important to us. Bugcrowd does not store any confidential or personal information about you on our servers. We only note that you have verified your identify and list the country you were verified in. Verification through Netverify is easy, requiring only a valid, accepted piece of photo ID. Here’s how to get started: Verifying your identity.
While performance and technical skills needed for the customer targets will always be the most important factors in private bounty eligibility, being ID verified can open up opportunities!