-
Chapter 6: Handling Disputes
Date: July 22, 2024 Authors: Logan MacLaren, Chris Holt, Adam Bacchus Respond to Disputes Like any scenario involving human interaction, you’re going to have to deal with disputes over severity assignments and payment amounts for your Bug Bounty Program. These disputes often boil down to one single point – the researcher believes the severity assessmentContinue…
-
Chapter 5: All Things Payment
Date: May 13, 2024 Authors: Logan MacLaren, Deana Shick, Christopher Robinson, Katie Trimble-Noble, Jeff Guerra, Chris Holt Introduction Vulnerability Disclosure Programs (VDP) are differentiated from a sub-classification known as Bug Bounty programs (BBP) when rewards are offered. There are many methods to determine your incentive or payment schedule. Typically, payouts are tied to one ofContinue…
-
Chapter 4: Scope and Budget
Date: September 7, 2021 Authors: Anil Dewan, Annika Erickson, Katie Trimble-Noble, Christopher Robinson, Deana Shick Introduction By now, we hope that you have read Chapters 1, 2, and 3, and are ready to begin scoping and budgeting your Bug Bounty program. If you haven’t read those chapters and are new to Bug Bounty, we encourage you to doContinue…
-
Chapter 3: Charter Your Program & Set Strategic Objectives
Date: July 28, 2021 Authors: Anil Dewan, Annika Erickson, Katie Trimble-Noble, Deana Shick Overview If you have stumbled upon this Chapter of the Bug Bounty Framework, you may have decided that a Bug Bounty program fits your needs . Creating a program charter and defining your strategic objectives are important steps in defining why your Bug Bounty programContinue…
-
Chapter 2: Is a Bug Bounty Program Right for You?
Date: June 23, 2021 Authors: Sean Poris, Johnathan Kuskos, Josh Dembling, Katie Trimble-Noble, Deana Shick, Christopher Robinson Overview By now, you have read Chapter 1, and you may be wondering if a Bug Bounty program is right for your organization. You might be intrigued by the idea of interacting with researchers, and wondering about theContinue…
