Bounty Program

Overview

A bounty program rewards security researchers for finding and reporting vulnerabilities in your application. Paying for valid reports gives researchers a reason to spend time testing your application, so you learn about security issues and can fix them before a malicious actor exploits them.

How It Works

Fortworx supports bounty programs through its Claims and Grants system. When a researcher submits a valid vulnerability report, they can raise a claim requesting credit or a reward. Your team reviews the claim and can offer grants — either Hall of Fame recognition or a Bug Bounty payment.

Setting Up a Bounty Program

  1. Define your scopes and mark the relevant ones as Eligible for Bounty.
  2. When a valid vulnerability is reported against a bounty-eligible scope, the researcher can raise a claim.
  3. Review the claim and create a grant with the appropriate reward type and amount.
  4. Pay out the grant. Bug bounty payments are processed through Stripe Connect; the researcher sets up their payout account through the researcher portal.

Scope Eligibility

Each scope can be individually configured as eligible or ineligible for bounty rewards. A bug bounty grant can only be created for a claim whose report matches a bounty-eligible scope; a report that matches only ineligible scopes cannot receive one. See Scopes for details on configuring scope settings.