We’re excited to introduce Asset Groups, our latest feature designed to help structure mismanaged and broad program scopes for improved visibility. A more organized program scope helps security researchers navigate complex scopes efficiently, ultimately increasing engagement.
We aim to solve the friction that organizations with larger program scopes face when structuring their bug bounty program in-scope assets. Asset groups will provide you with more flexibility to organize and present your program scope.
This added benefit allows security researchers to easily filter and navigate through your list of assets, creating more opportunities to attract the right talent to your bug bounty program.
In addition to the aforementioned benefits, a more organized scope allows for the following significant advantages:
- Enhanced researcher experience: A clearer, more navigable view of (large) program scopes helps researchers find relevant assets faster, whether they are casually exploring or targeting specific assets, ultimately resulting in increased program engagement.
- Incentivizes proper scope structuring: Asset groups will help organizations like yours utilize the provided platform features to their fullest extent rather than relying on workarounds that add complexity or harm discoverability.
Asset Groups open up a more navigable way to explore large scopes for both security researchers and program managers. Let’s have a look at a few practical examples.
Using Asset Groups to segregate by asset type
Asset groups can help you segregate assets by type. For instance, if you have multiple mobile applications, you can use asset groups to group and segregate them from your main web or API-based assets.
Using Asset Groups to segregate by application component
In other instances, you may have application routes or API endpoints that you want to receive more attention. Asset groups allow for segregating these specific API endpoints to help improve visibility and attract the right talent to your bug bounty program.
Using Asset Groups to segregate by department
Larger organizations often employ a centralized bug bounty program to receive submissions affecting multiple assets, including those of subsidiaries or other departments. Asset groups can help you enhance searchability and granular scope definition at the program level.
We’ve prepared a comprehensive guide to help you make the most of Asset Groups. For more details on managing asset groups, organising your scope, and best practices, visit our Asset Groups KB article, or explore our other Knowledge Base articles to find additional resources.
Your input is what helps us drive the changes of tomorrow. If you have a use case that isn’t currently available, please get in touch with us. We value any feedback shared with us as it helps us move toward a frictionless cybersecurity world.
Contact us today to suggest your ideal feature at [email protected].
