Program Policy Page
View Policy, Scope Groups, Credentials, Hall of Fame and Changelogs
Last updated
This page contains key information about the program and the program's disclosure policy. The policy page includes the following components:
Disclosure policy: This section outlines the program's policy for disclosing vulnerabilities to the public. It includes information about when and how vulnerabilities will be disclosed, and the timeline for disclosing vulnerabilities.
Policy for in-scope assets: This section outlines the assets that are in scope for the program, and the types of vulnerabilities that will be rewarded.
Bounty reward structure: This section outlines the structure of the rewards offered by the program, including the minimum and maximum rewards for different types of vulnerabilities.
Rules of engagement: This section outlines the guidelines for how bounty hunters should engage with the program, including the types of testing that are allowed and the types of activities that are prohibited.
In-scope and out-of-scope assets: This section lists the assets and technologies that are in-scope and out-of-scope for the program.
The program policy page provides important information for bounty hunters and program managers alike, and it should be kept up to date with the latest information about the program. Program managers should make sure that the Policy page is updated with the latest information about the program and the program's disclosure policy; this will help bounty hunters understand the program better and increase the quality of the reports.
At the top of the program policy page, there are six tabs:
Policy: This tab contains the program's policy, which includes information such as the disclosure policy, reward eligibility criteria, policy for in-scope assets, bounty reward structure, and rules of engagement.
Scope: This tab contains all the scope groups, which define the assets that are in scope for the program.
Members: This tab contains a list of all the members who manage this program. Program managers can add or remove members as needed.
Credentials & VPN:
Hall of Fame: This tab contains a leaderboard of the top bounty hunters who have hunted on the program.
Changelogs: This tab contains a record of all the changes that have been made to the program's policy. This can be useful for tracking changes and understanding how the program has evolved over time.
Program statistics are displayed on the right side of the policy page, offering a quick overview of the program's performance. These include:
Total Reports Received: Displays the cumulative number of reports submitted to the program.
Assets in Scope: Indicates the total number of assets currently included in the program's scope.
Bounty Range: Highlights the range of bounties awarded for various vulnerability types.
Average First Response Time: Shows the average time taken to acknowledge a submitted report.
Average Report Resolution Time: Reflects the average time it takes to resolve a report after submission.
Average Report Triage Time: Indicates the average time taken to evaluate and triage a report.
Last Report Triaged: Displays the time elapsed since the last report was triaged by the program.