BugBase Documentation

Program Policy

In the Policy section of BugBase, program managers can view and edit the program policy page. This page contains key information about the program and the program's disclosure policy. The policy page includes the following components:

  1. Disclosure policy: This section outlines the program's policy for disclosing vulnerabilities to the public. It includes information about when and how vulnerabilities will be disclosed, and the timeline for disclosing vulnerabilities.

  2. Policy for in-scope assets: This section outlines the assets that are in scope for the program, and the types of vulnerabilities that will be rewarded.

  3. Bounty reward structure: This section outlines the structure of the rewards offered by the program, including the minimum and maximum rewards for different types of vulnerabilities.

  4. Rules of engagement: This section outlines the guidelines for how hackers should engage with the program, including the types of testing that are allowed and the types of activities that are prohibited.

  5. In-scope and out-of-scope assets: This section lists the assets and technologies that are in-scope and out-of-scope for the program.

The program policy page provides important information for hackers and program managers alike, and it should be kept up to date. Program managers should make sure that the Policy page reflects the latest information about the program and its disclosure policy; this helps hackers understand the program better and increases the quality of the reports.

At the top of the program policy page, there are four tabs: Policy, Scope, Members, and Changelogs.

  1. Policy: This tab contains the program's policy, which includes information such as the disclosure policy, reward eligibility criteria, policy for in-scope assets, bounty reward structure, and rules of engagement.

  2. Scope: This tab contains all the scope groups, which define the assets that are in scope for the program.

  3. Hall of Fame: This tab showcases the top security researchers in your program.

  4. Announcements: This tab displays the program's announcements.

  5. Changelogs: This tab contains a record of all the changes that have been made to the program's policy. This can be useful for tracking changes and understanding how the program has evolved over time.

Program Statistics

On the right side of the policy page, program statistics are also visible. These statistics include:

  1. Total Reports Received: This shows the total number of reports that have been received by the program.

  2. Assets in Scope: This shows the total number of assets that are currently in scope for the program.

  3. Bounty Range: This shows the range of bounties that have been awarded for different types of vulnerabilities.

  4. Hall of Fame: This tab contains a leaderboard of the top hackers who have hunted on the program.

These statistics provide a quick snapshot of the program's performance and can help program managers to understand how the program is doing and identify areas that need improvement.

Post New Announcements

On the right side of the policy page, you will find a "New Announcement" button. To post a new announcement:

  1. Click on New Announcement.

  2. Add the title and message.

  3. Click Save.

Note: A notification email will be sent to all security researchers regarding the announcement.

Last updated 5 months ago