Welcome to Bugbop! As a program manager, you'll be setting up and managing your organization's bug bounty program. This guide will walk you through the essential steps to get started.
Step 1: Creating Your Program
Note: All programs will be created in a "Private" state. You can take the time to ensure everything is set up before bug hunters can find the program on the Bugbop site. You can adjust the privacy of your program at any time.
Configure your program. Detailed information on how to set up each field is in our Program Setup guide.
Once you've created the program, you'll be presented with a Program overview page like this:
Step 2: Setting Up Your Team (Optional)
Invite team members to help manage your program via the "Settings" dropdown -> "Invite User" or the "Users" tab:
Go to the "Users" tab when viewing your program
Click "Invite User"
Enter their email address
Select their role:
Admin: Full program management capabilities. Can invite other Admins, Triagers, Viewers, and Bug Hunters.
Triager: Can review, validate and process reports. Can invite other Triagers, Viewers, and Bug Hunters.
Viewer: Read-only access to reports. Typically used for stakeholders and auditors.
Optional: Enter a message. This will be included in the invitation email sent to them.
Click "Send Invite". An invitation email will be sent to that address. If a user with that email address already exists, they will also see the invite in their dashboard.
Step 3: Invite Bug Hunters (Optional)
If you have worked with some bug hunters before, you can invite them by email from the "Bug Hunters" tab. The process is the same as Step 2 above but you select the "Bug Hunter" role.
Step 4: Launch your Program
Once you're satisfied with how your program is set up, it's time to launch publicly on Bugbop's "Public Programs" page.
Firstly, you'll need to be on a paid plan (see Pricing). You can upgrade from the "Billing" tab for your program.
In your Program settings, choose one of the two settings for publicly listing your program:
Public: anyone can submit bugs.
Restricted: users must apply and be granted entry to your program before they can submit.
To help security researchers find your program, add a link to your Bugbop program on your website's security page (e.g., yourdomain.com/security) or security.txt file. This ensures that legitimate vulnerability reports are routed through Bugbop, allowing you to manage, triage, and reward them efficiently, rather than receiving them via unverified channels like email.
Website Template
<p>If you believe you've found a security vulnerability in our service, please report it through our Bug Bounty Program hosted on Bugbop:</p>
<p><a href="YOUR_PROGRAM_URL">Report a Vulnerability</a></p>
For your security.txt file (usually located at /.well-known/security.txt), add:
security.txt Template
Contact: YOUR_PROGRAM_URL
Preferred-Languages: en
Canonical: https://yourdomain.com/.well-known/security.txt
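The security.txt template above is deliberately minimal. One thing worth knowing before you publish it: RFC 9116, which defines the file, requires an Expires field (an ISO 8601 timestamp, recommended to be less than a year out) in addition to Contact, and researchers' tooling will often treat a file without one as invalid. The following is an added example, not Bugbop's code or documentation: it generates a security.txt that includes Expires, and it checks a file for the required fields, a future expiry, and https/mailto/tel contact URIs before you deploy it. The program URL and domain are placeholders.

```python
"""Generate and sanity-check a security.txt file against RFC 9116.

Added example; not part of Bugbop's product or documentation.
PROGRAM_URL and DOMAIN are placeholders that you replace with your own values.
"""
from datetime import datetime, timedelta, timezone

PROGRAM_URL = "https://bugbop.com/YOUR_PROGRAM"   # placeholder: your Bugbop program URL
DOMAIN = "yourdomain.com"                         # placeholder: the domain serving the file

# Contact values must be URIs; RFC 9116 recommends https for web links.
ALLOWED_CONTACT_SCHEMES = ("https://", "mailto:", "tel:")


def build_security_txt(program_url, domain, valid_days=365, now=None):
    """Return the text of a security.txt pointing researchers at the program."""
    now = now or datetime.now(timezone.utc)
    expires = (now + timedelta(days=valid_days)).strftime("%Y-%m-%dT%H:%M:%SZ")
    lines = [
        f"Contact: {program_url}",
        f"Expires: {expires}",
        "Preferred-Languages: en",
        f"Canonical: https://{domain}/.well-known/security.txt",
    ]
    return "\n".join(lines) + "\n"


def _parse_expires(value):
    """Parse an RFC 3339 / ISO 8601 timestamp; naive values are taken as UTC."""
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if parsed.tzinfo is None:
        parsed = parsed.replace(tzinfo=timezone.utc)
    return parsed


def check_security_txt(text, now=None):
    """Return a list of problems found; an empty list means the file passes."""
    now = now or datetime.now(timezone.utc)
    problems = []
    fields = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank lines and comments are allowed
        if ":" not in line:
            problems.append(f"line {lineno}: not a 'Field: value' line")
            continue
        name, value = line.split(":", 1)
        fields.setdefault(name.strip().lower(), []).append(value.strip())

    if "contact" not in fields:
        problems.append("missing required Contact field")
    else:
        for contact in fields["contact"]:
            if not contact.startswith(ALLOWED_CONTACT_SCHEMES):
                problems.append(f"Contact is not an https/mailto/tel URI: {contact}")

    if "expires" not in fields:
        problems.append("missing required Expires field")
    elif len(fields["expires"]) > 1:
        problems.append("Expires must appear exactly once")
    else:
        try:
            expires = _parse_expires(fields["expires"][0])
        except ValueError:
            problems.append(f"Expires is not an ISO 8601 timestamp: {fields['expires'][0]}")
        else:
            if expires <= now:
                problems.append("Expires is in the past; the file will be treated as stale")
            elif expires > now + timedelta(days=366):
                problems.append("Expires is more than a year out (RFC 9116 recommends less)")

    for canonical in fields.get("canonical", []):
        if not canonical.startswith("https://"):
            problems.append(f"Canonical should be an https URL: {canonical}")
    return problems


if __name__ == "__main__":
    generated = build_security_txt(PROGRAM_URL, DOMAIN)
    print(generated)
    print("problems:", check_security_txt(generated) or "none")
```

Run the checker over the file you actually serve at /.well-known/security.txt (and re-run it from a scheduled job, since an expired file silently stops working) rather than only over the generated text.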
Next Steps
After setting up your program:
Consider setting up integrations with your development tools using Webhooks.
Establish internal processes for handling valid vulnerabilities.
Ensure every user you have added monitors their inbox and keeps on top of unresolved bugs.
Ready to Launch Your Bug Bounty Program?
Get personalized guidance from our security experts to set up a successful bug bounty program for your organization.