Programs
The meta-game. Choosing the right program is a force multiplier on everything else in this playbook. A great hunter on a bad program earns less than an average hunter on a great program.
Platform Strategy
HackerOne
Signal system, reputation mechanics, program selection, getting into privates.
Bugcrowd
VRT (Vulnerability Rating Taxonomy), priority queues, kudos, and how Bugcrowd's triage differs from HackerOne's.
Intigriti
EU-heavy program list, researcher tools, triage experience.
Self-Hosted Programs
security.txt, responsible disclosure pages, programs outside the major platforms. Often less competition, sometimes less legal protection.
Program Selection
Reading Scope Documents
The scope document is a contract. What "in scope" actually means, what exclusions to watch for, how to interpret ambiguous language.
Payout Analysis
Historical payout data, bounty table analysis, using platform statistics to estimate expected value per hour on a given program.
Competition Assessment
Gauging active researcher count, duplicate rates, finding programs in the sweet spot of good payouts and moderate competition.
New Program Strategy
First blood tactics. The first 48 hours on a new program are the highest-value window. How to capitalise on it.