Home / Companies / Bugcrowd / Blog / Post Details
Content Deep Dive

The Do’s and Don’ts of Writing Your Program Brief

Blog post from Bugcrowd

Post Details
Company
Date Published
Author
Grant McCracken
Word Count
2,093
Company Posts That Month
12
Language
English
Hacker News Points
-
Post removed?
No
Summary

A well-defined scope is crucial in a crowdsourced security program, as it clearly tells researchers what they can and cannot test within the boundaries of the engagement. A narrow scope may result in coverage and testing gaps, while an overly broad scope may distract resources and time-constrained hackers from focusing on what's needed. It's essential to expose as much of your footprint as possible, tier assets based on their value, and evaluate how you'll handle submissions that are valid but out of scope. The focus areas section should include specific situations, such as new features or attack vectors, while providing high-level information and relevant documentation around in-scope assets. Out-of-scope sections clearly outline what is not allowed, including exclusions and ratings. Rewards should be linked to a specified priority level on the program brief, with rewards matching or exceeding market value, and growing over time. Finally, the disclosure and rules section outlines the policy on disclosure, as well as any supplemental guidelines for participation, ensuring clarity and consistency for all parties involved.

Trends Found in this Post

No tracked trend matches for this post yet.

Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.