The information you provide in these steps will define the program scope and rewards. It will also help Bugcrowd identify the right skills and experience from the crowd to ensure maximum program value.
The steps to add an On-Demand program are:
- Provide a program name
- Set targets
- Specify terms and conditions
- Specify reward pool
- Identify vulnerability concerns
- Select the crowd
- Add look and feel
- Schedule program launch
- Review details and submit
To add an On-Demand Program:
- In the Select an engagement to launch window, click Start for On-Demand Program.
  The Step 1: Program Name page is displayed.
- Provide a name for your program and click Next step. The Step 2: Set targets page is displayed. Also, the Grant created message is displayed.
- Click Add target to add the target that must be tested. You can add multiple targets.
  On each page, you can click Save and complete later to save the information that you have filled in and complete the remaining sections at a later time.
  The Add a target pop-up window is displayed.
- Specify the following information:
  - Target Name (URL/Location): Select a target from the drop-down menu or specify a new target.
  - Category: If you select an existing target name, then the category is displayed by default. If you have specified a new target name, then select the required category:
    - Website
    - API
    - iOS
    - Android
    - IoT
    - Hardware
    - Other
- Click Add. The target is added and the Target added to the program scope message is displayed.
  If you want to edit the target details, click the icon in the Actions column.
- Click Next step. The Step 3: Terms and conditions page is displayed.
- You can enable or disable the following options:
  - Use Bugcrowd’s Vulnerability Rating Taxonomy
  - Encourage disclosure of non-target issues
  - Safe harbor agreement
  - Co-ordinated disclosure

  To enable, move the slider to the right. To disable, move the slider to the left. By default, all the options are enabled.
- Click Next step. The Step 4: Reward pool page is displayed.
- In Bounty pool budget, specify the total reward pool for your program. The minimum value is $15,000.
- Click Next step. The Identify Vulnerability Concerns page is displayed.
- Specify the key security concerns you have and the important findings researchers must prioritize. This information helps Bugcrowd to select the best researchers for you.
- Click Next step. The Step 6: Select Your Crowd page is displayed.
- Specify the skills that the researcher must have. This will help Bugcrowd to select a security team (researchers) that matches these requirements. The skills that you can specify are:
  - Researcher Activities: List the activities the researcher will perform. For example, Website testing, API testing.
  - Asset Environments: Specify the environments the targets are running in.
  - Languages and Frameworks: List the programming languages, frameworks, and integrated libraries used by the targets.
  - Hosted and 3rd-party Applications and Services: Indicate whether the targets rely on hosted and 3rd-party applications. For example, if the application is running on a database, then specify MySQL.
- Click Next step. The Step 4: Add look and feel page is displayed.
- Specify the following information:
  - Upload a logo: Click Upload logo and specify a logo for your program.
  - Enter a background color for your logo: Provide an RGB hex value for the background color of the logo.
  - Tagline: Provide a tagline for your program.
  - Introduction: Provide a description for your program. This will be displayed as the first paragraph in your Program brief.

  After specifying the information, click Update preview to view your changes.
- Click Next step. The Step 5: Schedule launch page is displayed.
- In Preferred launch timeline, select an option to indicate when you want the program to start:
  - As soon as possible (default)
  - Within a month
  - More than a month
- Click Next step. The Step 6: Review and submit page is displayed. Review the information that you have provided. If you want to modify any details, click Edit and make the changes.
- Click Submit. The Your program has been provisioned message is displayed.
Bugcrowd will contact you to review and launch the program.