Create scope_example.md

bug-bounties/scope_example.md

@@ -0,0 +1,68 @@
+# Bug Bounty Program Scope
+
+## Introduction
+
+Briefly describe the objectives of your bug bounty program and what you hope to achieve through it.
+
+## Target Systems
+
+### In-Scope Targets
+
+- **Web Applications**
+  - app1.example.com
+  - app2.example.com
+- **Mobile Applications**
+  - Android App (version x.x and above)
+  - iOS App (version x.x and above)
+- **APIs**
+  - api.example.com/v1/
+  - api.example.com/v2/
+
+### Out-of-Scope Targets
+
+- Internal Systems (192.168.x.x)
+- Third-party Applications or Plugins
+- Subdomain3.example.com
+
+## Vulnerability Types
+
+### In-Scope Vulnerabilities
+
+- Cross-Site Scripting (XSS)
+- SQL Injection
+- Cross-Site Request Forgery (CSRF)
+- Business Logic Vulnerabilities
+
+### Out-of-Scope Vulnerabilities
+
+- Denial of Service (DoS) attacks
+- Social Engineering Attacks
+- Physical Attacks
+
+## Testing Methods
+
+- Automated Scanning (Specify permitted tools)
+- Manual Code Review
+- Penetration Testing (Specify guidelines)
+
+## Reward Structure
+
+- **Critical Vulnerabilities**: $1000 - $5000 (or alternative rewards)
+- **High Severity Vulnerabilities**: $500 - $1000 (or alternative rewards)
+- **Medium Severity Vulnerabilities**: $100 - $500 (or alternative rewards)
+- **Low Severity Vulnerabilities**: $50 - $100 (or alternative rewards)
+
+(Include criteria for determining the severity)
+
+## Reporting Guidelines
+
+Provide details on how the researchers should report the vulnerabilities, the format of the report, and the information required.
+
+## Legal Protections
+
+Outlining the legal protections available for the researchers, including terms and conditions that govern the responsible disclosure of vulnerabilities.
+
+## Contacts
+
+Provide contact details for researchers to reach out in case of queries or clarifications.
+