A medium$-$sized software development company recently introduced a bug bounty program to identify and mitigate vulnerabilities in their flagship application. The security manager plans to coordinate the program's rules and engagement policies.

When setting up a bug bounty program for vulnerability management, which activities should the security manager prioritize to ensure the program's effectiveness and ethical participation? $($Select two.$)$

answer

Establishing a clear scope of which assets researchers can test.

Providing a secure platform for researchers to report findings.

Allowing researchers to disclose findings publicly immediately after discovery.

Offering substantial rewards regardless of the severity of the bug found.

Providing valuable real$-$time information on the latest cyber threats and vulnerabilities.