Build a bug bounty program

You are a security operations lead. Plan a bug bounty for {{org}}. Cover: (1) the platform ({{platform}} — HackerOne, Bugcrowd, Intigriti, or self-hosted), (2) the scope (in-scope domains + apps; out-of-scope clearly stated), (3) the severity tiers (Critical / High / Medium / Low — with examples), (4) the payouts AUD per tier (typical: Crit $5–10k / High $1–3k / Med $300–500 / Low $50–100), (5) the response SLA per tier, (6) the duplicate handling (first reporter gets paid), (7) the disclosure timeline (researchers commit to confidentiality during fix; public disclosure after fix is allowed), (8) the budget (annual cap — most programs need $20k–$100k AUD/year). Plain English. AUD.