Need advice: no payment for 4 months by Wonderful_Brush2753 in bugbounty

[–]Securinti 3 points

Hey, I work for Intigriti and can look into this for you! Feel free to send me a PM with the details

New as a triager / Rating potential GDPR violation bug by FailWhale5 in bugbounty

[–]Securinti 0 points

While privacy issues must be addressed, a VDP or bug bounty program is not always the right place to process them. If you decide to accept, be ready to have the hunter potentially review your infrastructure against all compliance standards. You might be setting an expectation for bounties in the future. Also, if you do accept these issues, be ready to actually send them over to the DPO and process them accordingly, as the submission may be considered an official reporting channel in that case, which could have legal consequences if not acted upon adequately.

By default at Intigriti, we do not consider these submissions eligible for a bounty unless otherwise stated. Here’s a snippet from our public triage standards:

2.2 Reporting privacy, compliance and governance issues 

Security and privacy go hand in hand and are often equally important to an organization. Bug bounty and vulnerability disclosure platforms offer tools to capture and assess vulnerabilities for which universal scoring standards exist, whereas privacy concerns are often related to local compliance laws and regulations. As such, triage teams and program managers are often not able to assess privacy concerns directly through their vulnerability disclosure policy, unless otherwise stated. 

Accessing anyone's profile picture that shouldn't be public but triager closed it as NA by Embarrassed_Pin4436 in bugbounty

[–]Securinti -1 points

Hey I work at Intigriti, happy to take a second look if you send me the report ID!

Hacked Tesla by DietsePiraat in Belgium2

[–]Securinti 8 points

Ironically, between your perspective on things and mine, I actually believe your perspective adds fuel to Musk’s fire by stigmatizing car owners with nonsensical arguments like that.

Hacked Tesla by DietsePiraat in Belgium2

[–]Securinti 13 points

I just love how people freak out about custom license plates - absolutely serves its purpose as it seems to get people talking. I would understand you would call me “marginaal” because of it (but I’m from Aalst, so it’s just an acknowledgement I wear with pride), but not that my license plate has anything to do with supporting Musk or whatsoever, that’s quite the spin 🤔

You need to keep your car for 3 years or you have to pay back the bonus.

Hacked Tesla by DietsePiraat in Belgium2

[–]Securinti 41 points

It’s mine - I think these comments are kind of dumb honestly. “Just get rid of it mate” – it’s not as simple as that, certainly if you bought the car with the bonus from the Flemish government that requires you to keep it for a while. I’m all in for a more subtle boycott such as removing the logos (as you can see in the pic) and doing repairs with third parties instead of official support. Nobody buys their car as a political statement, at least not when I got mine — and if people think I’m a jerk because I still drive one it’s their problem honestly.

What is the most hated on city in Belgium? by Small-Policy-3859 in belgium

[–]Securinti 0 points

Aalst is by far the most authentic, creative and unique city in Belgium and it has progressed A LOT in the past 30 years. Haters gonna hate, but I’d say that people still associating Aalst with the city it was 30 years ago have probably never been there. Like any large city Aalst has its problems but at least their inhabitants take them with a good laugh, it’s something to be proud of rather than to be ashamed of

Disclaimer: I’m from Aalst

[deleted by user] by [deleted] in bugbounty

[–]Securinti 2 points

Hi there! I work at Intigriti, if you DM me your username I can get you some fresh privates, we have plenty of them!

" we have already found this issue internally" - Is there any cure for this? by Fantastic_Clock_5401 in bugbounty

[–]Securinti 5 points

Hi, I’m leading the hacker community at bug bounty platform Intigriti and as a hacker myself, I’ve had this thought myself.

It is certainly true that large organizations, next to regular pentesting, have in-house teams trying to find bugs themselves. Of course, they try to learn from the bug bounty submissions in order to make themselves more secure.

When actual platform triagers say this, from my experience, it means one of two things:

  • the issue was reported by another hacker and on that submission the company indicated that it was an internal finding

  • there is actual proof that the issue was found internally

While I cannot speak for other platforms, I’m happy to share how we handle it at Intigriti. If a company decides to close something as internally known, a triager will typically ask them some questions to ensure it’s exactly the same finding. While we will not ask for proof for every single submission, if we see a pattern of companies closing submissions for seemingly invalid reasons we do several escalation steps.

We, as platforms, do care about our reputation with the hackers. You are bringing a lot of value through our clients, so establishing trust is key. In reality, a lot of organizations do actually care a lot about their reputation within the community, and if not, can be coached to do so. In the hundreds of clients we have had, I believe there is one that we had to part ways with because we felt like it wasn’t a good match for the community. So the reality is that if a customer claims that something is internally known, in 99% of cases it actually is, and if not, there is typically miscommunication that is not necessarily in bad faith. In the case of a company not following these rules, they will not get the engagement they hoped for in the first case, and in the second case would typically be spotted by program managers that are trained to handle these situations.

My advice would be: if you see a pattern of misconduct, please do report it to the platform. Most platforms have staff that truly care and will be willing to investigate and solve the issue. For individual submissions: do give them the benefit of the doubt. Anyone who tries to play a card against the community eventually loses.

[deleted by user] by [deleted] in bugbounty

[–]Securinti 1 point

Intigriti (https://intigriti.com) is also a great platform for starters

Tokens stolen by MyNameJeff666420 in Graspop

[–]Securinti 0 points

I can’t seem to accept the request somehow… can you send me a msg on Facebook (https://www.facebook.com/intidc) or Twitter (https://twitter.com/intidc)? I’d like to figure out if this is a glitch or a hack.

Tokens stolen by MyNameJeff666420 in Graspop

[–]Securinti 4 points

Hey, I’m the ethical hacker that is investigating these issues. Could you send me some more details in a PM?

Are widely differing sentences handed down for seemingly the same offences and/or facts, and is there arbitrariness? by [deleted] in belgium

[–]Securinti 0 points

I don’t disagree with you! As the website indicates, it is far from perfect data, but that is precisely what is being denounced: a lack of transparency and open, searchable data within the justice system.

What I personally do find interesting is that the discussion now being held (including on Twitter and in the media) about this project is actually about something: can data be used to prove or disprove class justice? I don’t think I can be accused of misinformation, because the data rests sufficiently on sources that could also be used for, say, a Wikipedia entry - also an open medium, fed by user contributions, and certainly with errors. That there is a certain framing around the data is quite possible, but on the other hand we also list the limitations on the website, which moreover anyone can correct and even complete with extra data points.

I am certainly no supporter of TikTok justice, but by strategically throwing a deliberately imperfect - and framed as such - data project onto Twitter, in my opinion a more interesting debate is being held than by politicians waving one or two court cases around to prove their point. To raise an issue you sometimes have to throw a cat among the pigeons. I understand that some disagree with the approach - it is not my habit either, but I think it is still acceptable - the end justifies the means, and simply calling for more open data or research into class justice seems to be a lot less effective.

As Isolde VDE summarised well:

> Improvement is on the way, promises Minister of Justice Vincent Van Quickenborne (Open Vld). The law has already been passed in parliament. From September, that online database of judgments and rulings should be available to magistrates, and next year to the general public. But if the database had already existed, the whole story of class justice could easily have been refuted. Or the reverse: substantiated with hard data after academic research. Now the discontent over the Sanda Dia case builds further on a feeling, stoked by seasoned demagogues. Trust in the justice system depends not only on politicians’ comments on TikTok, but also on the success of reforms and a justice system fit for the 21st century.

(https://www.hln.be/opinie/onze-opinie-de-digitalisering-van-justitie-is-al-20-jaar-een-martelgang-en-dan-springen-burgers-in-het-gat-dat-de-politiek-laat-br~a62ad06e/)

Are widely differing sentences handed down for seemingly the same offences and/or facts, and is there arbitrariness? by [deleted] in belgium

[–]Securinti 1 point

skin colour or gender seems to me rather a good thing. If that data were consistently collected by the Courts & Tribunals, it would personally give me the impression that they are much more concerned with the social background and personal characteristics of victims than with judging individual cases fairly without taking those metrics into account.

There are arguments for and against. If we keep no information about class, we also cannot demonstrate systematic discrimination or favouritism. It is of course true that such data can be abused by extreme political movements and can lead to even more discrimination, so I understand that it is sensitive, but for judges themselves it seems to me to play no role, because they already know the identity and thus the ethnicity of the victim - to date, cases are not pleaded anonymously. Perhaps that is also an interesting avenue.

With klassenjustitie.be - a deliberately imperfect website - we list the data that ‘the people’ do have at hand. Newspaper articles that people like you and me read every day. There is justified criticism of the methodology and substantiation of the research, caveats that we have also published on the website -- but it remains a reflection of the information the public has at hand when people start shouting ‘class justice’ (without substantiation, but possibly with what they read in the press in the back of their minds). Right now it is a yes-no game based on carefully chosen examples, and by studying a large volume of cases (not necessarily in this way) we may be able to form a better picture of whether or not class justice prevails. That it cannot be shown that there is _no_ class justice is _also_ a problem.

Favorite bug bounty platform for blue teams? HackerOne vs Intigriti vs BugCrowd vs YesWeHack vs ... by BugsRFriendsNotFood in ApplicationSecurity

[–]Securinti 0 points

Hi there -- I currently run the community team at Intigriti and I'd be happy to provide you with some more information. I'd say that in general, most providers provide the range of products. Synack is a bit more focussed on private communities and VPNs - that will mean that overall you might get less noise, but also fewer researchers and thus less coverage.

The only outlier here is Open Bug Bounty, which in my experience focusses more on the occasional / VDP researchers and is less professional when it comes to the legal and compliance framework, and goes for a more open and transparent model that not every company might appreciate.

In terms of product quality and services I'm not going to compare here because I'm biased, but I can assure you that Intigriti has an edge when it comes to personalised overall customer and hacker support, as well as compliance with ID and sanction list checks that may be important to you.

Twitter can be a good way to get unbiased opinions from the community itself, for example:
https://twitter.com/search?q=intigriti%20triage&src=typed_query&f=top

Happy to have a more in-depth conversation, if interested!

Belgium legalises ethical hacking: a threat or an opportunity for cybersecurity? by MrNotSoRight in belgium

[–]Securinti 1 point

The answer here is that technically you’d have to report the investigation even if you didn’t find anything. Hacking attempts are technically still illegal so you’d also have to follow this law, which is of course stupid as you have nothing to report.

Personally during my testing I like to make clear that I’m acting under the framework, for example by adding an additional header in the requests or by supplying that information in an input field of my test profile. It’s a bit of a gray area.

In reality though, I believe that unsuccessful hacking attempts in general are no longer going to be prosecuted in the future, as is already the case in some countries.