Welcome to Bugcrowd's Product Documentation Center

You'll find comprehensive guides and documentation to help you start working with Bugcrowd as quickly as possible.

Updating the Program Brief

The program brief contains information for your bounty program. Researchers read the program brief to understand the scope and purpose of the program as well as see the targets that you want them to test.

Learn More

Use these resources to learn some tips and tricks to writing a successful, well thought out program brief.

Naming Your Bounty Program

To name your bounty program, go to the Program Settings and locate the "Name" field.

Change the bounty program

Change the bounty program

Enter the name you want to assign to your bounty program. It should be something descriptive, like the name of your company or application that is being tested.

Save your changes when you are done.

Adding a Tagline and Description

A tagline is a short sentence that describes your bounty program or company to researchers. To add a tagline to your bounty program, go to the Settings area and locate the "Tagline" field. Enter the tagline you want to display for your bounty program. It should be one sentence that concisely describes your company, product, or bounty program. To get an idea of what other use for their tagline, check out our Public Program Listing.

Add a tagline for your program

Add a tagline for your program

Next, add in a description to communicate the goals of your program and what you are looking to achieve. To get an idea of what other use for their description, check out our Public Program Listing.

Adding a description to your program

Adding a description to your program

Markdown Enabled

The description box is markdown enabled. For more information on markdown, Click Here.

Adding Targets to a Program

A target may be a web application, mobile application, API, IOT device, hardware or a website you want to include in your bounty program.

Attention: Feature Restriction

Targets may only be manually added and removed by a user before a program has been launched live. Once the program has been launched live, the customer must contact customer@bugcrowd.com to add or remove any targets.

A 'Program Administrator' may search and add a number of targets to a program from the 'Organization Target Directory' by navigating to the 'Program Settings' page. To do this, click on the 'Settings' tab on the Crowdcontrol Nav Bar.

Program Settings

Program Settings

Select the 'Program Scope' tab.

Program Settings > Program Scope

Program Settings > Program Scope

In the last field, search for the target to you want to assign to the program.

Search Target Directory

Search Target Directory

Select the target you wish to assign to the program. Once you select it, it is automatically added to the program.

New Targets: Adding New Targets At A Program Level

New targets that have yet to be added to the Organization Target Directory can be added to a program by typing the new target in the blank search space. Once the target has been entered, set the target 'type' and 'business impact' level before clicking the '+' icon to add the target. This target, its target 'type' and 'business' impact will automatically be uploaded into the Organization Target Directory.

Learn more about assigning the target type' and 'business impact' here.

Set Target In or Out Of Scope

Next, use the drop-down arrow in the 'scope' field to identify whether the target is in scope or out of scope.

Scoping Targets: What's In and What's Out?

Use the following three resources to help better understand and identify which targets should be set in or out of scope:
The Anatomy of a Bounty Brief
Creating a Scope
Defining Exclusions

Target Scope

Target Scope

Targets will be clearly labeled as 'Out of Scope' on the bounty brief.

Complete Target Information

Last, fill in in the "Target Information" section. We recommend using this section to emphasize what is explicitly in scope, out of scope, focus areas, etc. To get an idea of what other use for their target descriptions, check out our Public Program Listing.

Target Information

Target Information

Markdown Enabled

The description box is markdown enabled. For more information on markdown, Click Here.

Preview Program Brief

Once your program brief is set up, you can preview it by clicking the orange Preview Program button. This button can be found at the top-right of the Settings > Program Brief page.

Cation: Preview Link

The preview link does not expire and may be used by anyone who retrieves this link. Anyone who has this link may participate on the bug bounty program, even if it is private. This link is for internal use only and should not be distributed to outside researchers.

Updating the Program Brief