Page 32 - Hands-On Bug Hunting for Penetration Testers
Choosing Your Hunting Ground Chapter 2
Third-Party Marketplaces
Marketplaces are sites that match companies and researchers. They standardize the
submission process, rules of engagement disclosure, and other documentation, while
providing forums, teaching blogs, and other services to the community. Marketplaces are
good sources of technical information, and the metrics they typically collect (related to
things such as a company's response time and average payout) can help you decide where
to direct your efforts. The consistent submission standards mean you can also develop a
template (we'll show you an example later) that can be modified and reused between
engagements. This allows you to automate tooling around information-gathering, which
will make your entire workflow easier and more consistent.
Bugcrowd
Bugcrowd (https://www.bugcrowd.com) has a standard sign-up process and doesn't
require any proof of experience to become a researcher. You can choose to make your
profile public (so people can see the kudos points you've accumulated and general stats
about your involvement) or keep it private.
Your page shows your rank, how many points you've accumulated, how many submissions
you've made over time, and the accuracy of those submissions. It also displays the average
severity of the vulnerabilities you've had rewarded, on a scale of low-moderate-high-critical.
Bugcrowd also maintains a system for classifying vulnerabilities, called the
Vulnerability Rating Taxonomy, in an effort to further bolster transparency and
communication, as well as to contribute valuable and actionable content to the bug bounty
community. For researchers specifically, the company contends the VRT help[s] program
participants save valuable time and effort in their quest to make bounty targets more
secure, helping them identify which types of high-value bugs they have overlooked.
Astute researchers will often specialize their skillset to become proficient at detecting a
handful of bugs. As you work through the exercises and think about which strategies you'd
like to dedicate time to, resources such as the VRT can help you triangulate that perfect
intersection of effort and reward.
Bugcrowd uses metrics about your behavior, pulled from the last 90 days, to determine
which researchers to invite to private bounty programs. These private programs are opened
to a limited set of researchers, who are given a window of time in which to find
vulnerabilities. These private programs are great because they mean fewer researchers
combing through a particular site, and therefore more chances for you to discover bugs.