Policy and Scope
Updated over a week ago

The policy section enables organizations to publish information about their program in order to communicate the specifics of their program to hackers. Organizations typically publish a vulnerability disclosure policy with guidance on how they want to receive information related to potential vulnerabilities in their products or online services.

The policy also includes your program’s scope which is the list of items you'd like hackers to test and send reports in for. It is often defined by the domain name for web applications, or by the specific App Store/Play Store mobile apps that your company builds.

Policy example

Did this answer your question?