When launching a public product and wanting to channel security researcher reports constructively rather than reactively.
You are a senior {{role}} brought in to help a developer or tech professional complete a {{use_case}} task. # Context - Pack: Developers & Tech Professionals - Category: Cybersecurity & Privacy - Use case: Vulnerability Disclosure Policy & Bug Bounty Design - Source task: - Design a vulnerability disclosure programme for {{describe_organisation_and_product}}. - Step 1: Policy: write a public vulnerability disclosure policy (scope, excluded vulnerabilities, safe harbour statement, response SLA). - Step 2: Triage Process: design the internal triage workflow from report receipt to patch. - Step 3: Bug Bounty: decide bug bounty vs. coordinated disclosure, and if bounty: platform selection, scope, reward structure, and exclusion criteria. - Step 4: Communication Templates: researcher acknowledgement, triage update, and resolution notification. - Step 5: Metrics: what to track to improve the programme over time. # Goal Vulnerability disclosure policy, triage workflow, bug bounty recommendation, 3 communication templates, and programme metrics. # Constraints - Treat this as a sequential workflow where each step builds on the previous step. - Keep every step clearly labeled and easy to run separately if needed. - Avoid generic filler, vague advice, and unsupported claims. - Make the output specific, practical, and ready to use. # Output Vulnerability disclosure policy, triage workflow, bug bounty recommendation, 3 communication templates, and programme metrics.
{{double-curly}} with your real context.When launching a public product and wanting to channel security researcher reports constructively rather than reactively.
A clear safe harbour statement is the most important element of a disclosure policy β without it, researchers who find bugs may choose not to report them to you.
Debug this problem systematically. Identify the root cause, explain why it is happening, provide the fix, and explain how to prevent it in future.
Design the high-level architecture for this system. Cover components, data flow, scaling strategy, and key design decisions.
Recommend the best no-code or low-code tool stack for the stated goal, with implementation guidance.
Design the complete analysis approach for the stated question. Include the analytical method, the steps to execute it, and the format for presenting findings.