From the course: Launch a Bug Bounty Program

Set the scope for target products and services

- [Instructor] So far, we have learned that bug bounty programs can be a great way to harness the power of the cybersecurity community to find vulnerabilities in your organization's digital assets. However, when opening the doors to researchers, it is vital to maintain control over the testing process. This control can be achieved by carefully defining the scope of your bug bounty program. Let's start by emphasizing why it is essential to limit intrusive testing. Intrusive testing, also known as aggressive or unrestricted testing, can potentially disrupt your production environment. The last thing you want is for well-intentioned researchers to accidentally bring down your systems or services while searching for vulnerabilities. To avoid disruption, it is important to define which use cases and types of testing are strictly forbidden. Some examples that should be out of scope are exfiltration of customer data, using social engineering or phishing attacks, or causing denial of service…
