Hi Bug Bounty Community,
Here are some factors we used to assess the quality of bug bounty programs. I think this article will give both companies and researchers ideas for improving their programs.
For now, the list consists of 7 items, as follows. Each item is worth 10 points, and a bug bounty program must score 70 points to earn an A+ grade.
1 - Companies should respond quickly to all bug reports. Please don't take a year to provide feedback. The best time is 10 days.
2 - Vulnerabilities should be fixed quickly. The best time is 30 days.
3 - Companies should have a HOF (hall of fame) page on their website.
I've got an interesting example on this point. It's easy to start a simple bug bounty program for your company: you can credit the people who have contributed to the website in a "humans.txt" file.
Example url: salyangoz.me/humans.txt
4 - Companies should give a bounty or a swag kit to researchers.
5 - Researchers may need additional information from the internal security team to complete their bug reports.
6 - Companies should publish detailed scope information for their bug bounty program on their website.
7 - Companies' security teams must have a dedicated email address.
For example: [email protected]