Home / Companies / Bugcrowd / Blog / Post Details
Content Deep Dive

Setting Up Your Program Reward Ranges

Blog post from Bugcrowd

Post Details
Company
Date Published
Author
Grant McCracken
Word Count
1,355
Company Posts That Month
12
Language
English
Hacker News Points
-
Post removed?
No
Summary

Setting up a crowdsourced security program requires careful consideration of rewards, including determining suitable ranges for vulnerabilities against different target types, considering market rates, and establishing a budget. Bugcrowd's Vulnerability Rating Taxonomy (VRT) provides a standardized framework for rating vulnerability severity, making it easier to set consistent reward ranges across programs. The recommended starting reward ranges vary depending on the type of targets, with lower ranges suitable for untested web apps and higher ranges for well-hardened and sensitive systems. A moderate attack surface and some past security testing can help estimate the initial reward pool budget, which may need to be adjusted based on program performance. Ultimately, the key to a successful program is attracting the right hackers with attractive incentives, making it essential to balance rewards with business needs and security maturity.

Trends Found in this Post

No tracked trend matches for this post yet.

Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.