You can create a program through our the button “Add Program” which is linked to your account plan. You will have 5 steps that you need to complete in order to send your application to FindBUG which will be reviewed within a couple of working days.
The first section is “Basic Information” about your program. Couple of fields are your contact information and some info about your program which we will use to contact you afterwards.
The second step is “Bounty” which is connected to your account plan. Based on my account plan you will have three options to choose.
You can choose your budget towards security researchers and we will determine based on Platform Strength of your program what amount of bounty per bug we should pay in order to get the best results. If your account plan is based on Monthly basis we will not charge any fee within the budget, only the security researchers will have a fee based on taxes. If your plan is “One Time Only” then we will charge 25% for your total budget. The rest of the budget will go for security researchers. If you want to reward security researchers with other ways rather than monetary rewards you can click the checkbox for “Swags” or “Certifications”. You can choose your privacy if you want to be Public or Private program, for more about program privacy you can read <here>.
This option will give you ways to optimize how you want to run your program. First thing is that you can choose a budget for your security researchers. Based on your plan if your account plan is based on Monthly basis we will not charge any fee within the budget, only the security researchers will have a fee based on taxes. If your plan is “One Time Only” then we will charge 25% for your total budget. The rest of the budget will go for security researchers. You can decide also within your budget what should be the amount of a specific bug based on severity. You can choose an amount of money for example starting from 100$ to 500$ per bug. If you want to reward security researchers with other ways rather than monetary rewards you can click the checkbox for “Swags” or “Certifications”. You can choose your privacy if you want to be Public or Private program, for more about program privacy you can read <here>.
This is for programs that want to launch a program only with Swags and Certificates. Even it’s not recommended, but there is still an option to go through “Acknowledgement Bounty” because it doesn’t stimulate security researchers to report security issues.
© 2019, FindBUG.io supported by MIN