Unlock the State of Pentesting 2023! Explore 3,100 pentests with expert insights on vulnerabilities, security challenges, & maximizing pentest value.

Researcher Vetting + Verification

Over the past few weeks, we’ve implemented a series of small tweaks to the signup process for Cobalt testers. These changes are made to...

Over the past few weeks, we’ve implemented a series of small tweaks to the signup process for Cobalt testers. These changes are made to help build a more trusting relationship between businesses and security researchers on our platform. Today, we want to help give you a little more insight into the vetting and verification process that all security researchers undergo before being able to participate in any of our security programs.

Vetted on skills and experience.

The Cobalt vetting process is designed to ensure that our testers are the best and brightest crowd around. When inducting a researcher into the Cobalt Core, we look at a their skills, experience, and achievements in past security programs. This addition to the registration process ensures that only the best security researchers are active in Cobalt programs.

Undergo identity verification before receiving reward payments.

By law, we are required to keep a valid form of identification for each security researcher that receives payment through our platform. We know what you’re thinking — No, we did not suddenly become the NSA. We do this to be compliant, and to ensure that testers are paid for their bug bounty rewards as quickly as possible. We are committed to securely storing our tester data.

Profile Tips for Security Researchers

Your Cobalt profile is an important tool in building trust with businesses hosting bug bounty programs. All testers are encouraged to complete their tester profiles, which are visible to businesses and could potentially be showcased in our Hall of Fame.

  • Include as much information as possible about your background and accomplishments in security and web application testing.

  • Complete your profile by adding social network profiles, a strong profile image, and links to your work. (This will help speed up the vetting process)

  • We understand if you aren’t comfortable uploading your face on the internet — but avoid using cartoons, and offensive or violent images for your avatar.

  • Users with incomplete profiles or inappropriate profile images may have to wait longer for the vetting process to be complete.

We’ve instituted these changes to give both our researchers and businesses a positive experience on our platform. Do you have any questions or comments about these changes? Check out our FAQ or get in touch with us at

Back to Blog
About Julie Kuhrt
Julie Kuhrt is a former community content manager at Cobalt. With nearly a decade of experience across community and marketing teams, Julie brought a wealth of expertise and experience to her programs at Cobalt. More By Julie Kuhrt
Cobalt's First Pentester: Shashank
Shashank was Cobalt's first official pentester in the Core. We sat down with him to talk about how his journey into pentesting started and how he has seen the Core grow.
May 11, 2022