Abstract: The idea behind expanding the scope of a bug bounty program is to give researchers more surface to test. The nonnegotiable aspect of scope expansion is adequately communicating intentions to the team. Before expanding, it's absolutely essential to evaluate the current bounty pool and analyze payout trends over the course of the period to get a rough estimate of what the expansion may do to the budget. Scope expansions are best approached when there is adequate reason to believe that the current scope is either too limited or exhausted in one way or another. Scope expansions aren't the only way to encourage more program participation. Program managers can alternatively invite more security researchers, both with automated approaches and by hand. A program manager should not attempt to form any expansion processes until a baseline level of security is considered.
Publication Year: 2021
Publication Date: 2021-11-23
Language: en
Type: other
Indexed In: ['crossref']