Today Grant posted a blog post on Bugcrowd’s blog about writing a good scope. Here’s a small excerpt:
As a friendly reminder, keep in mind while building out your program, that you’re working WITH researchers, not against them. The effort that you put into creating a clear and thoughtful brief does not go unnoticed, and ultimately helps researchers be more effective in testing your application.
With that said, What makes a great bug bounty scope?
What suggestions or tips would you give a customer?
Would love your thoughts @geekspeed, Mongo, Nikaiw and others