Program Policy Page

View Policy, Scope Groups, Credentials, Hall of Fame and Changelogs

This page contains key information about the program and the program's disclosure policy. The policy page includes the following components:

  1. Disclosure policy: This section outlines the program's policy for disclosing vulnerabilities to the public. It includes information about when and how vulnerabilities will be disclosed, and the timeline for disclosing vulnerabilities.

  2. Policy for in-scope assets: This section outlines the assets that are in scope for the program, and the types of vulnerabilities that will be rewarded.

  3. Bounty reward structure: This section outlines the structure of the rewards offered by the program, including the minimum and maximum rewards for different types of vulnerabilities.

  4. Rules of engagement: This section outlines the guidelines for how hackers should engage with the program, including the types of testing that are allowed and the types of activities that are prohibited.

  5. In-scope and out-of-scope assets: This section lists the assets and technologies that are in-scope and out-of-scope for the program.

The program policy page provides important information for hackers and program managers alike, and it should be kept up-to-date with the latest information about the program. Program manager should make sure that the Policy page is updated with the latest information about the program and the program's disclosure policy, this will help hackers understand the program better and increase the quality of the reports.

On the top side of the program policy page, there are five tabs: Policy, Scope, Members, Credentials, and Changelogs.

  1. Policy: This tab contains the program's policy, which includes information such as the disclosure policy, reward eligibility criteria, policy for in-scope assets, bounty reward structure, and rules of engagement.

  2. Scope: This tab contains all the scope groups, which define the assets that are in scope for the program.

  3. Members: This tab contains a list of all the members who manage this program. Program managers can add or remove members as needed.

  4. Credentials: This tab contains information about the credentials connected to in-scope assets, where the security researcher can request or claim the credentials for testing.

  5. Changelogs: This tab contains a record of all the changes that have been made to the program's policy. This can be useful for tracking changes and understanding how the program has evolved over time.

Program Statistics

On the right side of the policy page, program statistics are also visible. These statistics include:

  1. Total Reports Received: This shows the total number of reports that have been received by the program.

  2. Assets in Scope: This shows the total number of assets that are currently in scope for the program.

  3. Bounty Range: This shows the range of bounties that have been awarded for different types of vulnerabilities.

  4. Hall of Fame: This tab contains a leaderboard of the top hackers who have hunted on the program.

These statistics provide a quick snapshot of the program's performance and can help program managers to understand how the program is doing and identify areas that need improvement.

Last updated