1. Clear and concise scope definitions: When we first launched our program, we spent a lot of time defining the scope. Clear boundaries not only focus on hackers’ efforts but also ensure that all parties are aligned on what constitutes a valid vulnerability. Don’t panic or stand in the dark and hope for the best; clear and concise.
2. Fair and transparent reward structures: The success of the program is closely linked to its reward system. Ethical hackers invest valuable time and expertise, and it is important that they see that their efforts are appreciated. At Crypto.com, we’ve made our reward structure competitive and transparent, with an easy-to-understand tiered system, ensuring that ethical hackers are motivated to contribute their best work. Get creative! Ethical hackers are ‘techies’ at heart, so they appreciate good quality branded swag on a regular basis, as a token of appreciation. Make them feel part of your company’s family as they should.
3. Fast and courteous communication: As in any relationship, communication is key. In one memorable instance, an ethical hacker discovered a potential exploit while our internal teams were investigating. We immediately interviewed the hacker, informed them of their findings and provided feedback on our corrective actions, where they confirmed that they had closed the loop. This quick and courteous communication not only solved the problem but also cemented a good relationship with the hacker, and our turnaround time showed our level of commitment to security.
Source link