Program Policy
In the Policy section of Bugbase, program managers can view and edit the program policy page. This page contains key information about the program and the program's disclosure policy. The policy page includes the following components:
Disclosure policy: This section outlines the program's policy for disclosing vulnerabilities to the public. It includes information about when and how vulnerabilities will be disclosed, and the timeline for disclosing vulnerabilities.
Policy for in-scope assets: This section outlines the assets that are in scope for the program, and the types of vulnerabilities that will be rewarded.
Bounty reward structure: This section outlines the structure of the rewards offered by the program, including the minimum and maximum rewards for different types of vulnerabilities.
Rules of engagement: This section outlines the guidelines for how hackers should engage with the program, including the types of testing that are allowed and the types of activities that are prohibited.
In-scope and out-of-scope assets: This section lists the assets and technologies that are in-scope and out-of-scope for the program.
The program policy page provides important information for hackers and program managers alike, and it should be kept up to date. Program managers should make sure that the Policy page reflects the latest information about the program and the program's disclosure policy; this helps hackers understand the program better and increases the quality of the reports.
At the top of the program policy page, there are four tabs: Policy, Scope, Members, and Changelogs.
Policy: This tab contains the program's policy, which includes information such as the disclosure policy, reward eligibility criteria, policy for in-scope assets, bounty reward structure, and rules of engagement.
Scope: This tab contains all the scope groups, which define the assets that are in scope for the program.
Hall of Fame: This tab showcases the top security researchers in your program.
Announcements: This tab displays the program's announcements.
Changelogs: This tab contains a record of all the changes that have been made to the program's policy. This can be useful for tracking changes and understanding how the program has evolved over time.
Program Statistics
On the right side of the policy page, program statistics are also visible. These statistics include:
Total Reports Received: This shows the total number of reports that have been received by the program.
Assets in Scope: This shows the total number of assets that are currently in scope for the program.
Bounty Range: This shows the range of bounties that have been awarded for different types of vulnerabilities.
Hall of Fame: This tab contains a leaderboard of the top hackers who have hunted on the program.
These statistics provide a quick snapshot of the program's performance and can help program managers to understand how the program is doing and identify areas that need improvement.
Post New Announcements
On the right side of the policy page, you will find a "New Announcement" button. To post a new announcement:
Click on New Announcement.
Add the title and message.
Click Save.
Note: A notification email will be sent to all security researchers regarding the announcement.