1. Clear and concise scope definitions: When we first rolled out our program, we spent considerable time defining the scope. Clear boundaries not only focus the efforts of ethical hackers but also ensure that all parties are aligned on what constitutes a valid vulnerability. Don’t present or frame it vaguely and hope for the best; be clear and concise.
2. Fair and transparent reward structures: A program’s success is closely tied to its reward system. Ethical hackers invest significant time and expertise, and it is crucial that they feel their efforts are valued. At Crypto.com, we have made our reward structure both competitive and transparent, with an easy-to-comprehend tiered system, ensuring that ethical hackers are incentivized to contribute their best work. Get creative! Ethical hackers are ‘techies’ at heart, so they appreciate some good quality branded swag every now and then, as a token of appreciation. Make them feel part of your company’s extended family as they should be.
3. Prompt and respectful communication: As with any relationship, communication is key. In one memorable instance, an ethical hacker uncovered a potential exploit while our internal teams were still testing. We immediately engaged with the ethical hacker, acknowledging their findings and providing feedback on our remediation steps, where they subsequently validated to close the loop. This prompt and respectful communication not only resolved the issue but also reinforced a positive relationship with the hacker, and our turnaround time showed our level of commitment to security.