Program Management Overview
Programs List:
Here you'll see a list of programs you are permitted to view, including any program(s) your team has set up, which you'll be able to edit as an administrator.
Awards Table:
This is your awards table that breaks down vulnerability types into severity levels with impact considerations. The amounts shown represent the typical payout for each award level.
The defaults provided are a suggestion and these amounts can be edited.
Program Scopes:
This list allows you to specify targets that are in and out of scope for researchers to indicate where they should and should not focus.
Program Admins:
A list of team members that are permitted to edit your program and manage reports.
Program Researchers:
A list of researchers that are permitted to submit reports and view your program when it is private. Researchers can be invited by username or email address.
Known Issues List:
This is a list of known issues that are not yet resolved. These issues are explicitly out-of-scope to be reported by researchers. Keeping up with this list minimizes duplicate reports and can save researchers time in researching potential issues and creating reports that won't be awarded.
Vulnerability Disclosure Policy:
This is your Vulnerability Disclosure Policy, which discusses the types of vulnerability reports you will and will not award as well as information about report validation and determining severity and impact, the type of tests that are not permitted, the process for public disclosure, and legal policy regarding testing.
Policy Editor:
Our default template is provided, but can be edited based on your company's security parameters. Markdown is supported.
Program Visibility:
The default visibility for a program is private. At any time, you can switch your program's visibility to public, allowing any researcher on our platform access to test and submit reports.
Researcher List:
The researchers that appear in our public list have been vetted and requested their profile be available to programs for invite consideration.
Researcher Profile:
Each researcher in the Researcher List has a profile that can be visited to view more information provided by the researcher about their background in security.
Invite Researcher:
From either the Researcher List or Researcher Profile, you can also invite a researcher to your program. At any time, you can remove any researcher you have invited through Program Researchers.