As researchers submit vulnerabilities into public programs Bugcrowd assess their skills and ranks their trust level, amongst other performance attributes. In order to be invited to private programs, researchers must prove their abilities and trustworthiness via public programs. Our curated crowd consists of researchers around the world may participate, with the exception of those from countries the U.S. has issued export sanctions or other trade restrictions against (ex. North Korea, Iran).
In our crowd, we have some of the most talented security researchers in the world. Moreover, many of these researchers bug hunt on the side, maintaining full-time jobs as penetration testers, security engineers, developers. The bug bounty model leverages volume of skilled researchers to yield more, better results. For customers that require a more specific skill-sets, we run private programs with a curated, skills-vetted crowd. If a client has specific country specific requirements for researchers this can be assessed.