Teshpatelproductboard
commented
4 months ago Closed Teshpatelproductboard closed 4 months ago
Teshpatelproductboard
commented
4 months ago Teshpatelproductboard
commented
4 months ago closed
✍️ Objective
Integrate with VLM tools to track the entire vulnerability lifecycle from discovery to remediation.
Problem summary
Customers are facing challenges in maximizing the return on investment of their bug bounty programs, including the need for deeper integration with security tools, advanced functionality for program segmentation and hacker targeting, and built-in negotiation tools for fair compensation. Additionally, they seek dynamic bounty management capabilities to adjust rewards based on factors such as vulnerability severity, uniqueness, exploitability, and time to report.
Pain points
Deeper integration between HackerOne and popular security tools is needed to enable automatic data transfer and improved vulnerability management across different platforms.
Advanced functionality requests, such as program segmentation by vulnerability type and customizable hacker targeting, require significant development effort and consideration for data privacy.
Disagreements between hackers and program owners about the severity or value of a particular vulnerability can arise, highlighting the need for built-in negotiation tools within the HackerOne platform.
Dynamic bounty management poses challenges, including the need to dynamically adjust bounty rewards based on factors such as vulnerability severity, uniqueness of the find, exploitability, and time to report.
Themes
Deeper integration with popular security tools: Customers are requesting improved integration between HackerOne and other security tools such as SIEM and ticketing systems to enable automatic data transfer and enhanced vulnerability management.
Advanced functionality for bug bounty programs: Customers are seeking advanced features such as program segmentation by vulnerability type, customizable hacker targeting based on skills and certifications, and dynamic bounty management, which would require significant development effort and consideration for data privacy.
Disagreements over severity and value of vulnerabilities: Customers are looking for built-in negotiation tools within the HackerOne platform to facilitate secure communication and transparent justification for bounty amounts, aiming to ensure fair compensation for both hackers and program owners.
Dynamic bounty management: Customers want the ability to dynamically adjust bounty rewards based on factors such as vulnerability severity, uniqueness of the find, exploitability, and time to report, in order to incentivize faster discovery and reward more critical vulnerabilities.
📏 Measures of Success
Provide clear and measurable outcomes. Each goal should be easily quantifiable, such as “at least 80% of new users will use this feature more than once a week.” This is an excellent opportunity for collaborators to comment on whether those goals are feasible or if they should be higher, given the investment of resources. We use anywhere from 3 to 6, but you’ll need to determine the right amount for you
Embedded content
Embedded content
Embedded content
📣 The "announcement"
The announcement envisions the feature’s impact on customers and how they’ll use it. It will also get your teams excited about the work to be done.
📝 Context
We call this the “big picture need” and it’s where you offer the broader context for the feature you’re building. Include assumptions, statistics, use-cases, and other types of evidence that will help make the feature more compelling
⚙️ Detailed needs and solutions
Before writing down solution ideas, plainly describe each need related to the feature. Then involve everyone in creating and editing a list of solutions that may address that need. The point here isn’t to start with a definitive prescription for how to solve those needs, but to inspire a discussion to create the best solutions.
🎯 Target audience details
As always, consider the target audience for the product. Who are you building this item for, and how will the customer use it in their everyday lives?
🎨 Mockups and design sketches
Why write when images will do? Including mockups and sketches is a great way to give your idea something tangible to review. Either drop in your ideas, or this can be where designers start adding in their ideas or inspiration from other products or projects.
📊 Market research
What have your customers said in the past about similar products? Have they made any special requests for new products like the one in mind?