CHAPTER 3 Thus far we’ve gone through a lot of the blocking and tackling basics for the planning part of your bug bounty program. Chapters 1 and 2 describe many of the planning details for your bug bounty program. You’ve determined you’re ready, primed your vulnerability management processes, defined bug bounty roles and responsibilities, gone […]
Whoever is on bug bounty duty is responsible for all operational work that week, as well as continuing progress on any strategic improvements to your program. Chapter 2.2.3: Brace yourself, bugs are coming In addition to setting up an on-going rotation, you’ll want to clear out the calendars of your BBT for the […]
As we alluded to in the assessment questionnaire, you likely already have some vulnerability management (VM) processes in place (i.e. ensuring vulnerabilities are identified and fixed in a timely manner). In any VM process, you’re going to have streams of vulnerabilities coming in from different sources, such as: automated scanners; issues uncovered by security engineers, […]
After having run or been a part of dozens of bug bounty programs, I can tell you that the experience and value derived from them heavily depends on taking a moment to assess where you’re at today. An initial self-assessment is critical to ensure you don’t jump off the deep end too early. Launching a […]