Assigning bounties is a way for program managers to reward hackers for their contributions in finding and reporting vulnerabilities. Bounties are monetary rewards that are given to hackers for identifying and reporting vulnerabilities.

In BugBase, program managers can assign bounties to hackers through the 'Assign Reward' feature. They can choose the amount of the bounty and assign it to the hacker. Program managers can set up different bounties for different types of vulnerabilities or severity level.

To set an bounty

1. Go to the top of the report page and click on the "Assign rewards" button.

2. Enter the bounty amount and click on save changes.

In BugBase, program managers don't have to worry about splitting bounties among multiple hackers when a vulnerability is reported through collaboration. The system will automatically split the bounty based on the percentage of contribution decided by the hackers themselves.

Best practices to follow when awarding bounties in BugBase:

1. Provide bounties as per program policy: Proper bounties should be provided to hackers if the report is valid and non-duplicate as per the bounty decided by program.

2. Consider awarding for significant out-of-scope vulnerabilities: Even if the report is out of scope, consider awarding a bounty for vulnerabilities that have a significant impact.

3. Communicate clearly with hackers: Clearly communicate the reasons for any difference between the awarded bounty and those mentioned in the program policy, or the reason for declining a bounty. This helps hackers understand the decision and provides valuable feedback on how to improve their future submissions.

Approval for Bounty Assignment:

1. In the settings under Access>People, companies have the option to configure their organisation members to necessitate bounty approval.

2. When bounty approval is mandated, bounties won't be directly assigned; instead, they can be accepted or declined by any individual who doesn't require approval.