Getting Started as a Program Manager
Welcome to Bugbop! As a program manager, you'll be setting up and managing your organization's bug bounty program. This guide will walk you through the essential steps to get started.
Step 1: Creating Your Program
To create a new Bug Bounty Program:
- Navigate to the "Dashboard"
- Click "Create Program"
- Fill in your program details:
  - Website URL: Your website. It may not be the site you're running the Program for.
  - Name: A name for your program. Typically "MyCompany Bug Bounty Program".
  - Description & Scope: This is the main part of your program. Setting up your first program is difficult. Please review the Comprehensive Guide and Example Template, or book a call with us and we'll help you.
  - Bounty Settings: Either 'None', 'Cash', or 'Swag/Credit'. Please review our Reward Structure Guide for suggested cash amounts.
  - Rewards: What rewards you'll offer for valid findings
- Add your Logo
- Click "Create Program"
Step 2: Setting Up Your Team
Invite team members to help manage your program via the "Settings" dropdown -> "Invite User" or the "Users" tab:
- Go to program settings > "Team"
- Click "Invite Team Member"
- Enter email address and select role:
  - Admin: Full program management capabilities
  - Triager: Can review, validate and process reports
  - Viewer: Read-only access to reports. Typically used for stakeholders and auditors.
You can also invite Bug Hunters via the "Settings" dropdown -> "Invite Bug Hunter" or the "Bug Hunters" tab.
Bug Hunters can submit bugs to your program. If you've worked with good bug hunters before, add them here.
Step 3: Launch your Program
Once you're happy with your program, it's time to launch:
- Firstly, you'll need to be on a paid plan if you want to show your
- Email Templates: Customize notification emails
- Automated Responses: Set up auto-replies for common scenarios
- Access Agreement: Create terms for accessing your program
Step 5: Setting Up Webhooks (optional)
Connect Bugbop to your internal systems via the "Settings" dropdown -> "Webhooks".
Please review our Webhook Documentation for more details.
Next Steps
After setting up your program:
- Review the reporting workflow to understand how reports will be processed
- Consider setting up integrations with your development tools
- Establish internal processes for handling valid vulnerabilities
- Create templates for communicating with bug hunters
- Monitor program metrics to track performance over time