Intigriti
Intigriti is the third major platform and it's been growing steadily. EU-headquartered, EU-heavy program list, and a noticeably different culture from H1 and Bugcrowd. If you're not on Intigriti yet, you're leaving programs untouched.
The EU Angle
Intigriti's program list skews heavily toward European companies: banks, telcos, retailers, SaaS companies headquartered in Belgium, Netherlands, Germany, France, and the UK. These targets are dramatically underworked by US-based researchers who stick to H1 and Bugcrowd.
Why this matters: less competition. I've found medium-severity bugs on Intigriti programs that would have been duplicated in hours on H1. The same effort produces better results because the researcher population is smaller and the programs are less picked over.
European companies also tend to take GDPR seriously, which means data exposure findings often get elevated severity ratings. Frame your impact accordingly.
Researcher Tools
Intigriti's platform has some researcher-facing features worth knowing:
- Live hacking events: Intigriti runs LHEs for top researchers. These are invitation-based but they do invite based on activity on the platform, not just rank. Being active on Intigriti programs raises your visibility for these.
- Reputation system: Points-based, weighted by severity. Similar concept to H1 reputation. Builds up from valid findings.
- My Programs dashboard: Cleaner than H1's interface for tracking your open reports across programs.
- Researcher profile: Public profile with disclosed findings, useful for building a portfolio.
Triage Experience
Intigriti's triage model is different from both H1 and Bugcrowd. Most programs on Intigriti use in-house triage from the program's own security team, with Intigriti providing platform support rather than a separate triage layer.
In practice, this means:
- Direct communication with the company's actual security engineers on many programs
- More context in responses, fewer canned replies
- Slower first response on programs with small security teams
- Better outcomes on nuanced findings that need explanation
The tradeoff is speed. Some programs are very responsive. Others, especially smaller companies using Intigriti for their first bug bounty program, can be slow. Check the program stats for median time to first response before committing significant time.
Bounty Payments
Intigriti pays out in EUR for most programs. If you're in the US or another non-EUR region, factor in conversion rates. They also support payments via bank transfer, PayPal, and Wise depending on the program. The payment processing is generally faster than the industry average in my experience.
Program Discovery
Intigriti's public program list is visible without an account. Browse it at intigriti.com/programs. Filter by industry or scope type. Some programs are private and invitation-only, same as H1.
Finding new programs on Intigriti is easier than H1 because the overall volume is lower. New programs stand out. Set up notifications if the platform supports it.
Scope Quality
Something I've noticed: Intigriti programs tend to have cleaner, more detailed scope documents than the average H1 program. The exclusions are usually explicit and the in-scope assets are clearly listed. This may be partly cultural, partly that Intigriti's customer success team does a better job onboarding programs. Either way, you spend less time guessing about scope edge cases.
Growing Platform
Intigriti's researcher count and program count have both grown year over year. It's still meaningfully less competitive than H1 for most programs. That gap will close over time. The window where Intigriti programs are underworked won't last forever.
My recommendation: get established on Intigriti now while the competition differential still exists. Build reputation on the platform, get familiar with their top programs, and you'll be positioned better as the platform grows.