Announcing the Marketplace Bug Bounty Blitz

Hi @adam,

Just to give you some insight into how I’m thinking about the blitz for existing program participants:

We will get all the researchers who are participating in your program onboarded to the blitz program.
The blitz program will have incentives for them to report to the blitz program (we’re still thinking about what these will be, more information to come). These incentives will clearly be in the researchers’ best interest, and so they will want to report to the blitz over your current program.

In the event that a researcher reports a vulnerability for one of your cloud apps to your ongoing program, rather than the blitz program, it would also be in your best interest to close the submission and ask them to report it in your blitz program (and that’s totally fine to do whilst the blitz is on). The blitz doesn’t cover server apps, so you would still triage them as per usual.

As @AnshumanBhartiya alluded to - we’re still very early in organising the blitz (we’re really a week, plus or minus a few days, into really moving forward with this idea). We wanted to get the word out to vendors quickly, so that they can plan this work in their roadmaps, and so we can get a sense of just how many vendors are going to want to sign up to this program (so we can organise ourselves for that kind of scale).

I hope that helps answer the questions!
Thanks,
Matt
