Congrats on launching your bug bounty program! You might be wondering: now what? To help your program run successfully, we’ve outlined some helpful tips to guide you in managing it.
Tip #1: Engage in disclosure
Programs that engage in disclosure find themselves having higher engagement with hackers, as it gives the hackers a better idea of what vulnerabilities have been found thus far.
Tip #2: Set Fast Response Targets
Set your response targets to fall between the recommended and standard response times. The faster your response times, the higher the likelihood of hackers engaging with your program, as they’ll see that you’re actively responding to reports.
Tip #3: Communicate with your hackers
It’s best practice to actively communicate with your hackers: comment on reports, answer any questions or concerns they have in a timely manner, and let them know of any updates or changes to your program by using the message hackers feature.
Tip #4: Utilize Bounty Tables
Set up bounty tables, as they help hackers see how much is rewarded based on the severity level of the vulnerability. Additionally, it’s important that you set your bounties to fair amounts that don’t underpay hackers.
Keep in mind that these short tips don’t guarantee success for your program, but they do help in increasing engagement with hackers. There are a lot of other factors that can affect the success of your program such as the types of assets, the bounty amounts, response time, time to bounty, etc.