To understand the Engagement structure, refer to the diagram below:
The Organization is the highest level for customer resource management comprising one or more Security Programs for configuring, performing, and measuring crowdsourced security testing. For further details about the scope, purpose, and use of Bugcrowd Organizations see the Security Program Overview documentation.
A Security Program is the container of target scope, submissions, and settings enabled by one or more Engagements of the same or differing types (e.g. Vulnerability Disclosure, Bug Bounty, Pen Test). The Engagement is an instance of purpose-based, crowd utilization where the majority of the configuration occurs at the Security Program and inherited by its Engagements.
This approach is designed to unlock flexibility and growth whereby Bugcrowd makes it easier for you to define and launch diverse Engagements that serve your evolving crowdsourced security needs. That is, to quickly set up and run Engagements that exploit the power of the crowd and drive faster outcomes.
When a Security Program Administrator wants to instantiate a new Engagement, they only need to:
- Configure the Engagement brief and teaser
- Configure policy-related settings (e.g. NDA, Disclosure)
- Select the targets of the Engagement
- Set hacker rewards or compensation