Adding an On-Demand Program

An On-Demand Program is a time-bound program runs for up to two weeks and relies on a monetary rewards structure to incentivize members of the researcher community to find security vulnerabilities in a defined set of assets and applications.

The information you provide in these steps will define the program scope and rewards. It will also help Bugcrowd identify the right skills and experience from the crowd to make sure maximum program value.

The steps to add an On-Demand program are:

  1. Provide a program name
  2. Set targets
  3. Specify terms and conditions
  4. Specify reward pool
  5. Identify vulnerability concerns
  6. Select the crowd
  7. Add look and feel
  8. Schedule program launch
  9. Review details and submit

To add an On-Demand Program:

  1. In the Select an engagement to launch window, click Start for On-Demand Program.

    select-engagement

    The Step 1: Program Name page is displayed.

  2. Provide a name for your program and click Next step. program-name The Step 2: Set targets page is displayed. Also, the Grant created message is displayed.

  3. Click Add target to add the target that must be tested. You can add multiple targets. set-target

    On each page, you can click Save and complete later to save the information that you have filled and complete the remaining sections at a later time.

    The Add a target pop-up window is displayed.

  4. Specify the following information:

    • Target Name (URL/Location): Select a target from the drop-down menu or specify a new target.
    • Category: If you select an existing target name, then the category is displayed by default. If you have specified a new target name, then select the required category:

      • Website
      • API
      • iOS
      • Android
      • IoT
      • Hardware
      • Other

    add-target

  5. Click Add. click-add The target is added and the Target added to the program scope message is displayed.

    If you want to edit the target details, click the icon in the Actions column. edit-target

  6. Click Next step. next-step The Step 3: Terms and conditions page is displayed.

  7. You can enable or disable the following options:

    • Use Bugcrowd’s Vulnerability Rating Taxonomy
    • Encourage disclosure of non-target issues
    • Safe harbor agreement
    • Co-ordinated disclosure

    To enable, move the slider to the right. To disable, move the slider to the left. By default, all the options are enabled. terms-conditions

  8. Click Next step. The Step 4: Reward pool page is displayed.

  9. In Bounty pool budget, specify the total reward pool for your program. The minimum value is $15,000. reward-pool

  10. Click Next step. The Identify Vulnerability Concerns page is displayed.

  11. Specify the key security concerns you have and the important findings researchers must prioritize. This information helps Bugcrowd to select the best researchers for you. vulnerability-concern

  12. Click Next step. The Step 6: Select Your Crowd page is displayed.

  13. Specify the skills that the researcher must have. This will help Bugcrowd to select a security team (researchers) that match these requirements. The skills that you can specify are:

    • Researcher Activities: List the activities researcher will perform. For example, Website testing, API testing.
    • Asset Environments: Specify the environments the targets are running in.
    • Languages and Frameworks: List the programming languages, frameworks, and integrated libraries used by the targets.
    • Hosted and 3rd-party Applications and Services: Indicate whether the targets rely on hosted and 3rd party applications. For example, if the applications is running on a database, then specify MySQL.

    select-crowd

  14. Click Next step. The Step 4: Add look and feel page is displayed.

  15. Specify the following information:

    • Upload a logo: Click Upload logo and specify a logo for your program.
    • Enter a background color for your logo: Provide a RGB hex value for the background color of the logo.
    • Tagline: Provide a tagline for your program.
    • Introduction: Provide a description for your program. This will be displayed as the first paragraph in your Program brief.

    After specifying the information, click Update preview for viewing your changes. add-look-feel

  16. Click Next step. The Step 5: Schedule launch page is displayed.

  17. In Preferred launch timeline, select an option to indicate when you want the program to start:

    • As soon as possible (default)
    • Within a month
    • More than a month schedule-launch
  18. Click Next step. The Step 6: Review and submit page is displayed. Review the information that you have provided. In case you want to modify any details, click Edit and make the changes. review-submit

  19. Click Submit. submit The Your program has been provisioned message is displayed.

    Bugcrowd will contact you to review and launch the program. last-page