Some programs are invitation only. This means that the company wants or needs to restrict access to their program for a subset of researchers. Generally, invitation-only bounty programs work the same as public programs. The major difference is that they are private and you have to be invited to participate in the program. Usually, private programs grow over a period of time, add new scope, increase rewards, and remove restrictions to enable a larger number of researchers to participate.
- If you are selected to participate in a private program at launch, Bugcrowd will send an invitation roughly 48 hours prior to the start of the program (due to a few circumstances this may not be possible always).
- When a program is able to increase the number of participants and you are selected to participate, you will be able to begin testing immediately on the ongoing program.
All invitations are sent from Bugcrowd and not from the actual company running the bounty.
Bugcrowd selectively invites researchers to private programs based on the skill set required (determined based on the program) and the activity (based on your historical statistics). For detailed information, click here.
You can view an invitation from the email that you have received from Bugcrowd or by logging in to Bugcrowd.
In the email, you have received from Bugcrowd, click View Invitation.
The Programs tab displays the invitation as shown.
Log in to Bugcrowd, click your profile icon, and then click Invites.
The Programs tab displays the Pending Invitations. These are the programs you have been invited to and you have not accepted the invitation.
In the Programs tab, click View Invitation.
The Disclosure policy pop-up message is displayed.
Click Accept terms.
The following screen is displayed.
Information such as Reward Range, Targets, Program Rules, and the assigned credentials are displayed. Read all this information before accepting the invite.
When you click Accept Invite, the Program is available in the Accepted Invites tab.