Bugbop with spider-like logo

Program Manager Guide

Learn how to set up and manage your bug bounty program on Bugbop.

← Back to Documentation

Getting Started as a Program Manager

Welcome to Bugbop! As a program manager, you'll be setting up and managing your organization's bug bounty program. This guide will walk you through the essential steps to get started.

Step 1: Creating Your Program

Note: All programs will be created in a "Private" state. You can ensure everything is set up before bug hunters can find the program on the Bugbop site. After creation, you can adjust the privacy of your program at any time.

To create a new program:

  1. Navigate to the "Dashboard"
  2. Click "Create Program"
  3. Configure your program. You can get detailed information about how to set up each field in our Program Setup guide

Step 2: Setting Up Your Team (optional)

Invite team members to help manage your program via the "Settings" dropdown -> "Invite User" or the "Users" tab:

  1. Go to the "Users" tab when viewing your program
  2. Click "Invite User"
  3. Enter email address
  4. Select their role:
    • Admin: Full program management capabilities. Can invite other Admins, Triagers, Viewers, and Bug Hunters.
    • Triager: Can review, validate and process reports. Can invite other Triagers, Viewers, and Bug Hunters.
    • Viewer: Read-only access to reports. Typically used for stakeholders and auditors.

    5. Optional: Enter a message

  5. Click "Send Invite". An email will be sent to the email address. If a user with that email address exists, they will also see the invite in their dashboard.

Step 3: Invite Bug Hunters (optional)

If you have worked with some bug hunters before, you can invite them by email from the "Bug Hunters" tab.

Step 4: Launch your Program

Once you're satisfied with how your program is set up, it's time to launch publicly on Bugbop's "Public Programs" page.

  1. Firstly, you'll need to be on a paid plan. You can do this from the "Billing" tab for your program.
  2. In your Program settings, choose one of the two settings for publicly listing your program:
    • Public where anyone can submit bugs.
    • Restricted where users must apply and be granted entry to your program.
    Details on all visibility options are available in our Visibility Options guide

Next Steps

After setting up your program:

  • Review the reporting workflow to understand how reports will be processed.
  • Consider setting up integrations with your development tools using Webhooks
  • Establish internal processes for handling valid vulnerabilities.
  • Monitor program metrics to track performance over time.