Trustline Platform User Guide
Organization Guides
Organization Guides
  • Overview
    • 💡Quick Start
  • Trustline Products
    • 🐞Trustline Assessment Guide
      • 🔎Assessment Scoping
      • ⚙️Assessment Setup
      • 📄Assessment Testing
      • ⬇️Assessment Reporting
      • 🔁Assessment Remediation
      • ✔️Assessment Completion
    • 🕷️Trustline Bounty Guide
    • 🛡️Trustline Disclosure Guide
  • References
    • 🌐Assets Management
    • 📄Manage Reports Guide
    • 🔄Retesting Guide
Powered by GitBook
On this page
  • Overview
  • Pre-requisite
  • Getting Started
  • 1. Requesting a Bug Bounty Program
  • 2. Viewing and Managing the Bug Bounty List
  • 3. Managing Bug Bounty Program Settings
  • 4. Updating Bug Bounty Program
  • 5. Real-time Findings
  • 6. Requesting Retesting
  • 7. Managing the Program Status
  • References
  1. Trustline Products

Trustline Bounty Guide

Welcome to Trustline Bounty guide for organization. This guide will help you to launch and manage your Bug Bounty Program by providing you with step-by-step instructions.

Overview

Trustline Bug Bounty Program offers a financial incentive to ethical hackers who successfully identify and report vulnerabilities to application owner. By implementing bug bounty programs, companies can tap into the knowledge and skills of the ethical hackers and security researchers to continuously enhance the security of their systems.

Pre-requisite

To launch your Bounty, some prerequisites need to be in place. These include:

  1. Subscription: Verify that your organization has subscribed to the Trustline platform, specifically the package that includes the Bug Bounty Program.

  2. Recharge Wallet: Ensure sufficient funds in your Trustline wallet for distributing rewards.

  3. Pre-defined asset: There should at least be one defined asset which can be done in asset management.

Getting Started

1. Requesting a Bug Bounty Program

1.1 Access Trustline Platform

  • Navigate to the Bounty section to begin.

1.2 Creating a New Program

To initiate a new Bug Bounty program:

  • Select the Bounty Program option from the engagement section filter.

  • Click on the Create Program button to open a pop-up window.

  • Fill in the program details:

    • Name of the program.

    • Start date.

    • Website.

    • Assets to be tested.

    • Bounty eligibility.

    • Bounty amount: Specify the bounty amount for each severity level:

      • Minimum bounty: 100 SR

      • Difference between bounties should be equal to or greater than 50 SR.

    • Attach Files.

  • Enter the policy details outlining the guidelines and terms of the program.

  • Click Submit to create the program and receive a confirmation once evaluations are complete.

  • Trustline will activate the program after it is created and all necessary assessments are finalized.

2. Viewing and Managing the Bug Bounty List

  • Once a Bug Bounty program is launched, you can manage it as follows:

2.1 Program Details

  • Navigate to the engagement page on Trustline.

  • Click on the program name to access detailed information including:

    • Overview: Total number of reports received, Program start date, Total paid bounties, Number of assets within the program's scope, severity of findings, vulnerability reports, Top contributors, and Open reports.

    • Security Page: displays detailed program information including sections for Policy, Scope, Hacktivity, and Thanks.

    • Reports: Submitted vulnerability reports with severity and current status.

    • Scope: Details of assessed assets, including types, identifiers, bounty eligibility, total reports, reports by severity, and reports by status.

    • Attachments: Displays program-related attachments with an option to remove attachments if needed.

    • Settings: Configure program settings.

3. Managing Bug Bounty Program Settings

3.1 Program Settings

To adjust program settings and details:

  • Navigate to the settings section of the specific Bug Bounty program.

  • Modify program details such as:

    • Program picture

    • Name

    • Description

    • Website

    • Associated Users: Manage user access and permissions as required.

4. Updating Bug Bounty Program

4.1 Updating the Policy

To modify the Bug Bounty program's policy:

  • Navigate to the Security Page of the specific program. then, click the Edit button next to the program details.

  • Update the bounty amount for each severity level and adjust policy details as necessary.

4.2 Updating the Scope Assets

  • Navigate to the Scope section of the specific program.

  • Adding New Assets:

    • Click Add New Asset.

    • Select the asset type and define its scope.

    • Specify Bounty eligibility.

  • Editing Assets:

    • Use the dropdown menu for a specific asset.

    • Specify Bounty eligibility.

    • Select Edit Asset to modify its scope and notification preferences.

  • Removing Assets:

    • Use the dropdown menu for a specific asset.

    • Select Remove from Scope to exclude it from the program.

5. Real-time Findings

  • Promptly report vulnerabilities through our platform to ensure continuous updates to the Bug Bounty program. Hackers are encouraged to report findings immediately upon discovery. Check here for details on Manage Reports Guide

6. Requesting Retesting

During this stage, you can request a retest for any finding you have fixed to validate the fix.

Check here for details on Retesting Guide

7. Managing the Program Status

7.1 Controlling the Program Status

To manage the status of a Bug Bounty program:

  • Access the list of active Bug Bounty programs.

  • Locate the desired program.

  • From the dropdown menu, select one of the following options:

    • Activate Program: The program is live, and hackers can submit vulnerability reports.

    • Pause Program: Temporarily suspend acceptance of new reports.

    • Close Program: The program is closed permanently.

References

PreviousAssessment CompletionNextTrustline Disclosure Guide

Last updated 9 months ago

📄Manage Reports Guide
🔄Retesting Guide
🕷️
Page cover image