- Who Can Use This Tool
- When to Use the Simulator
- Key Capabilities
- Accessing the Simulator
- How to Use the Simulator
- Understanding Simulation Outputs
- Start New Managed Bug Bounty Engagement
- Tips & Best Practices
- Key Benefits
- Related Links
The Bug Bounty Engagement Simulator is a modeling tool that helps you:
- Forecast potential reward spend and submission volume for a bug bounty engagement over a 12-month period.
- Experiment with “what-if” scenarios by adjusting engagement parameters such as targets, reward range, and participant requirements.
- Plan budget, resources, and timelines with realistic, data-driven projections.
Who Can Use This Tool
The simulator is available to:
- Organization Owners
- Program Owners
When to Use the Simulator
Use the simulator when you want to:
- Model different engagement scenarios before launch.
- See the projected impact of scope, reward range, and participant requirements on outcomes.
- Estimate resources needed for triage, validation, and remediation.
- Build a data-driven case for program budget allocation.
Key Capabilities
- 12-month forecasting for more accurate annual planning.
- Customizable parameters to reflect your actual engagement requirements.
- Submission funnel analytics that break down total, valid, and unique submissions.
- Detailed monthly and cumulative projections for both rewards and submissions.
Accessing the Simulator
- Select a Security Program.
- Navigate to the Engagements page.
- Click Simulate Engagement at the top of the page.
How to Use the Simulator
Step 1: Add Targets
- New Targets: Enter URL/wildcard domain (e.g., *.example.com). Add skill-based tags for required testing expertise.
- Existing Program Targets: Pick from saved program targets
Step 2: Select Reward Range
Select the range that reflects your organization’s security maturity to indicate the expected payout for each vulnerability. You can choose from our preset ranges—Elite, Mature, or Young—or define your own custom range.
Options:
- Elite ($300–$20,000)
- Mature ($250–$7,500)
- Young ($175–$4,500)
- Custom (set P1–P4 individually)
Step 3: Define Crowd Size
Input estimated number of participating hackers.
Step 4: Apply Optional Engagement Requirements
Setting | Options | Default |
---|---|---|
ID Verification | Not required / Required | Not required |
Background Check | Not required / Required | Not required |
Geographic | Not required/ Include / Exclude countries | Not required |
NDA | Not required / Required | Not required |
Credentials | Not required / Required - Provided / Required - Self-provisioned | Not required |
Collaboration | Disabled / Enabled | Disabled |
Disclosure | Disabled / Enabled | Disabled |
Step 5: Run Simulation
Click Generate Simulation.
Understanding Simulation Outputs
In the Bug Bounty Engagement simulator page, you can Edit details, Start again, or Download the simulation as a PDF.
-
Simulated Outcomes Chart
- Monthly and cumulative views
- All, Rewards, and Submission views
-
Monthly & Cumulative Table
- Detailed breakdown of projections per month and total over 12 months.
- Detailed breakdown of projections per month and total over 12 months.
-
Submission Funnel
- Valid submissions: Duplicates + unresolved + resolved
- Unique submissions: Unresolved + resolved
-
Total submissions: All vulnerabilities including duplicates
- The Total submissions is the project cumulative maximum submissions number in the Monthly & Cumulative Table.
- The Total submissions is the project cumulative maximum submissions number in the Monthly & Cumulative Table.
Please note: Actual engagement results may vary from generated simulations depending on the complexity of testing and other factors.
Start New Managed Bug Bounty Engagement
To start a new engagement from a generated simulation, please click Submit a support ticket and share the simulation PDF. When submitting your support ticket, select the request type Program/Engagement: Start New Engagement.
Tips & Best Practices
- Run multiple simulations with varied parameters for comparison.
- Use the submission funnel to plan for triage staffing.
- Adjust reward range to see budget impact.
Key Benefits
- Full-year (12-month) forecasting.
- Flexible inputs for more accurate modeling.
- Visual breakdown of submission quality and quantity.
Related Links
Security Program Targets
Target Overview
Working With Bugcrowd Support