On Cyberbay.tech, defining your scope means specifying which assets you want hunters to target. Here’s how to do it effectively:
In-Scope Assets
Your in-scope assets are the collection of assets you want hunters to focus on. When listing these assets, ensure hunters can select the appropriate asset for each report. Any special requirements should be explicitly attached to the relevant asset. Clear asset definitions help you communicate effectively with hunters and ensure accurate targeting.
Out-of-Scope Assets
List assets that are off-limits as out-of-scope. Hunters will not be able to submit reports for these assets and will see a red warning if they attempt to select such an asset.
Non-Paid Assets
For assets that are part of a Bug Bounty Program but will not earn bounties, set the bounty eligibility to false. Hunters submitting reports for these assets will receive a warning that this is not a paid asset.
Asset Importance
Set the importance of your assets to prioritize reports based on their severity. This helps in managing and responding to vulnerabilities more effectively.
Environmental Score
Assign an Environmental Score to each asset. Cyberbay will automatically limit the severity of the report based on the asset’s risk profile. For example, a “Critical” vulnerability may not be possible for a static marketing asset.
Report Tagging
Reports will be tagged by the selected asset, allowing you to sort and differentiate reports for various assets, such as distinguishing between issues in your mobile app and your web app.
Data Analysis
Conduct data analysis per domain. This can help identify trends, such as whether it’s time to switch your marketing site provider due to frequent vulnerabilities, or whether a specific engineering team is responsible for recurring Cross-Site Scripting vulnerabilities.