Editing Program Policy

In the Edit Program Policy section of BugBase, program managers can make detailed changes to the policy of their bug bounty program. The following are the options available to program managers in this section:

The logo option allows program managers to upload a new logo for their program. This logo will be displayed on the program page and in other areas of the platform.

Program visibility

This option allows program managers to make their program visible or hidden on the Program Tab. Program managers can keep their programs private and visible only to selected hackers.

Program Policy

Program managers can update various aspects of their program policy. Bounty hunters view this policy before they start testing in-scope assets and to learn more about your company.

Editing Policy:

Changing program details

  • Program name: This option allows program managers to change the name of their program.

  • Bug bounty budget: This option allows program managers to specify their bug bounty budget.

  • Program website: This option allows program managers to specify the website of their program.

  • Program tagline: This option allows program managers to specify a tagline for their program.

  • Program introduction: This option allows program managers to provide an introduction to their program.

Rules of engagement

This section outlines the guidelines for how hackers should engage with the program, including the types of testing that are allowed and the types of activities that are prohibited.

  • Collaborator Allowance: This option allows program managers to specify whether they want to allow collaborations for this particular program. Collaboration can be a powerful tool to enhance the effectiveness of a bug bounty program.

  • User Agent for tracking request: This option allows program managers to specify the user agent that will be used for tracking requests made to their assets.

  • Automated Tooling: This option allows program managers to specify the maximum number of requests/second that will be allowed for automated tooling. This will help to prevent abuse of the program by hackers using automated tools.

  • Request Header: This option allows program managers to specify the request headers that will be used for tracking requests made to their assets.
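On the asset owner's side, the tracking User-Agent, tracking header and requests/second limit can be checked against access logs. The Python below is an added example, not BugBase code: the log format, the marker values and the rule that both markers must be present are assumptions.

```python
from collections import Counter

# Hypothetical policy values: replace with what the program's rules of engagement state.
TRACKING_UA = "acme-bounty-research"        # assumed tracking User-Agent substring
TRACKING_HEADER = ("x-bug-bounty", "acme")  # assumed tracking header (name, value)
MAX_RPS = 3                                 # assumed automated-tooling limit

# Constructed sample log: timestamp|source IP|User-Agent|headers (";"-separated).
SAMPLE_LOG = """\
2024-01-01T10:00:00Z|203.0.113.7|acme-bounty-research/1.0|X-Bug-Bounty: acme
2024-01-01T10:00:00Z|203.0.113.7|acme-bounty-research/1.0|X-Bug-Bounty: acme
2024-01-01T10:00:00Z|203.0.113.7|acme-bounty-research/1.0|X-Bug-Bounty: acme
2024-01-01T10:00:00Z|203.0.113.7|acme-bounty-research/1.0|X-Bug-Bounty: acme
2024-01-01T10:00:01Z|203.0.113.7|acme-bounty-research/1.0|X-Bug-Bounty: acme
2024-01-01T10:00:01Z|198.51.100.9|acme-bounty-research/1.0|Accept: */*
2024-01-01T10:00:02Z|192.0.2.44|Mozilla/5.0|Accept: text/html
"""

def parse_line(line):
    """Split one constructed log line into (timestamp, ip, user_agent, headers)."""
    ts, ip, agent, raw_headers = line.split("|", 3)
    headers = {}
    for item in raw_headers.split(";"):
        name, _, value = item.partition(":")
        headers[name.strip().lower()] = value.strip()
    return ts, ip, agent, headers

def audit(log_text, ua=TRACKING_UA, header=TRACKING_HEADER, max_rps=MAX_RPS):
    """Return (rate_violations, partially_tagged) for researcher-tagged traffic."""
    per_second = Counter()
    partially_tagged = set()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, agent, headers = parse_line(line)
        has_ua = ua in agent
        has_header = headers.get(header[0]) == header[1]
        if not (has_ua or has_header):
            continue  # ordinary traffic, not attributable to the program
        if has_ua != has_header:
            partially_tagged.add(ip)  # one marker present, the other missing
        per_second[(ip, ts)] += 1  # timestamps have one-second resolution
    violations = {key: n for key, n in per_second.items() if n > max_rps}
    return violations, sorted(partially_tagged)

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```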

Modifying scope groups

Program managers can add or edit in-scope and out-of-scope assets. This allows them to clearly define the assets that are in scope for the program and the types of vulnerabilities that will be rewarded, which can help hackers to better understand the program and increase the quality of the reports.

Managing bounty tables

The Bounty Tables in BugBase can also be used to set different bounties for different scopes and priority-based vulnerabilities. This allows program managers to incentivize hackers to focus on specific areas of the application that are most critical to their organization. Program managers can create different bounty tables for different scopes and assign them a different priority level.

Additionally, program managers can set different bounties for different types of vulnerabilities within a scope or priority level. This allows for fair rewards for the severity and impact of the vulnerability.
