From the course: Launch a Bug Bounty Program
Define bounty reward criteria
- [Expert] Rewarding researchers for their valuable contribution to your bug bounty program is crucial to keep them engaged and motivated. However, determining the appropriate rewards can be a complex process. When it comes to bug bounty rewards, two key factors play a significant role: severity rating and impact. Severity rating can be subjective sometimes, and largely depends on the potential harm a vulnerability could cause. It's often characterized as critical, high, medium, or low. In general, vulnerabilities with higher severity should be rewarded more generously due to significant risk and impact. It's important to clarify to researchers that the final severity rating will be assessed by your team during the triage and validation process. The overall severity rating of a vulnerability is calculated based on impact, likelihood, and complexity of exploitation. An effective way to baseline a vulnerability is to use the Common Vulnerability Scoring System, also known as CVSS score…