A bounty table shows how much your program is willing to pay for various bugs you receive. They help set expectations for hackers and give your bug bounty team a guideline to ensure fair and consistent reward amounts. Setting up a bounty table will help provide more granular data and analytics for your program, which will, in turn, help your program become more successful. The bounties in the table are categorized based on the severity of the issue identified.
To set up and publish your bounty table on your security page:
Go to Engagements > Settings > Program > Bounties.
(Optional) Edit the column names of the bounty table that best fit the reward structure of your program under the Bounty Table section.
(Optional) Pick the bounty value setting that best fits the reward structure of your program. This can be a range or a fixed value.
Select the asset you want the bounty structure to apply to. If you want it to apply to all assets, the default is already set to All assets.
Input your bounty amounts under each column.
(Optional) To add another row to your bounty table, click + add another bounty table row.
(Optional) Add a description about how severity is determined or you can also add examples of what types of bugs fall into which category in the Optional description field.
Click Create bounty table.
Your security page will now have a Rewards section that showcases your bounty table.
To remove the bounty table from your security page, select Remove bounty table under Program Settings > Program > Rewards > Bounties.