Company
Date Published
Author
Bugcrowd Researcher Success
Word count
543
Language
English
Hacker News points
None

Summary

This is an introduction to the second post in a series on "Bug Bounty Hunter Methodology". Understanding the scope and rules of a bounty program is crucial for eligibility and reward purposes. The scope outlines which types of security vulnerabilities are accepted, where testing is allowed, and what types of testing are permitted. Disclosure terms and rules describe how to report bugs and outline the disclosure policies for programs. Targets list the applications and services that can be hacked on, while out-of-scope sections exclude specific types of security findings and bugs. Going out of scope without permission risks receiving no reward and earning a negative reputation. The bounty brief includes rewards information, testing details, and other useful information for researchers.