Commit b7df991

added jump to link section to bounties article
1 parent d864d13 commit b7df991

docs/programs/bounties.md

Lines changed: 30 additions & 7 deletions
@@ -4,9 +4,29 @@ path: "/programs/bounties.html"
44
id: "programs/bounties"
55
---
66

7+
<style>
8+
.contents {
9+
margin-left: 1.45rem;
10+
margin-right: 1.45rem;
11+
border-radius: 0.3em;
12+
width: 60%;
13+
}
14+
</style>
15+
716
A bounty is money you reward to hackers for reported and resolved bugs. They're used to attract the best hackers and to keep them incentivized to hack your programs. You can use bounties to encourage hackers to focus on particular assets by altering the reward amount for different vulnerability types. You shouldn't feel obligated to award a bounty for every incoming report as it's best to only reward for useful, valid reports.
817

9-
### Awarding Bounties on Reports
18+
<div class="background contents" markdown="1">
19+
20+
In this article, you can learn about: |
21+
---------------------------------- |
22+
[Awarding Bounties on Reports](#awarding) |
23+
[Suggesting Bounties](#suggesting) |
24+
[Best Practices](#best) |
25+
[Bounties for Reports Received Outside of HackerOne](#bounties) |
26+
</div>
27+
28+
<h3 id="awarding">Awarding Bounties on Reports</h3>
29+
1030
You can award a bounty through any report submitted to HackerOne. Some teams prefer to award a bounty once the issue has been confirmed as valid, while others wait until the issue is resolved.
1131

1232
To award a bounty:
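
Review bot: The inline `<style>` block at new lines 7-14 puts a page-wide rule on the generic class name `.contents` inside the article body, so any other element on the rendered page that uses that class picks up the margins and `width: 60%`, and a site served with a Content-Security-Policy that disallows inline styles would drop the block. Move the rule into the docs stylesheet under a more specific class name. The jump list at new lines 18-26 is also written as a one-column table whose header cell is the sentence "In this article, you can learn about:"; a plain bullet list of the four links carries the same content without table semantics.
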
@@ -19,7 +39,8 @@ To award a bounty:
1939

2040
Bounty amounts can be increased at any point by setting another award on the report, but keep in mind that bounties can't be removed once awarded.
2141

22-
### Suggesting Bounties
42+
<h3 id="suggesting">Suggesting Bounties</h3>
43+
2344
If you're unsure of how much to award the hacker, you can communicate a suggested amount with your internal team. To suggest an amount:
2445
1. Go to your inbox and open the report you'd like to award a bounty for.
2546
2. Expand the action picker at the bottom of the report above the comment box.
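
Review bot: Replacing `### Suggesting Bounties` with a raw `<h3 id="suggesting">` at new line 42 takes the heading out of Markdown, so the file now mixes HTML headings with Markdown body text, and any anchor the renderer previously derived from the `###` heading is no longer guaranteed to exist. If existing links point at the old heading, keep the `###` line and put a separate anchor element such as `<a id="suggesting"></a>` above it. The same applies to the other three headings changed in this commit.
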
@@ -32,14 +53,16 @@ If you're unsure of how much to award the hacker, you can communicate a suggeste
3253
6. <i>(Optional)</i> Enter your reason of why you suggest that bounty amount.
3354
6. Click **Suggest award**.
3455

35-
### Best Practices
36-
* Provide bounties for useful, valid reports
37-
* Award a bounty for a significant found vulnerability that is out of scope
38-
* Clearly communicate to hackers your reasons for awarding or declining a bounty
56+
<h3 id="best">Best Practices</h3>
57+
58+
Here are some best practices to follow when awarding bounties:
59+
* Provide bounties for useful, valid reports.
60+
* Award a bounty for a significant found vulnerability that is out of scope.
61+
* Clearly communicate to hackers your reasons for awarding or declining a bounty.
3962

4063
><i>Note: Professional, Enterprise, and Fully Managed programs have access to a HackerOne representative who can provide insight and consult them through the bounty awarding process.</i>
4164
42-
### Bounties for Reports Received Outside of HackerOne
65+
<h3 id="bounties">Bounties for Reports Received Outside of HackerOne</h3>
4366

4467
When hackers submit vulnerabilities to your organization outside of HackerOne, you can leverage the HackerOne API to award hackers for their efforts. To start paying hackers, generate an API token on your Program settings page. Keep in mind that this API endpoint is not for awarding bounties for reports on HackerOne itself, but only for reports that were reported outside of HackerOne.
4568

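Review bot: `id="bounties"` at new line 65 is too generic for the section on reports received outside of HackerOne, on a page whose path is `/programs/bounties.html` and where every section is about bounties. A name such as `outside-hackerone` says what the link jumps to; the matching `(#bounties)` entry in the contents table at new line 25 would need the same change. While this list is being touched, the unchanged context at new lines 53-54 still numbers two consecutive steps `6.`.
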