In Scope Asset

An in scope asset may include a web application, API, mobile app, cloud service, domain, subdomain, or infrastructure component approved for security testing. In bug bounty programs, defining in scope assets helps researchers focus on areas where vulnerabilities can be responsibly reported and validated. Clear in-scope guidance improves report quality, reduces confusion, and supports controlled vulnerability discovery.