A Checklist outlining key steps to take when considering or building a bug bounty and vulnerability disclosure program. It also addresses minimizing program abuses and legal obligations and risks under the Computer Fraud and Abuse Act (CFAA), Digital Millennium Copyright Act (DMCA), and federal and state laws and regulator expectations for reasonable information security practices. This Checklist is designed to be used with Practice Note, Bug Bounty and Vulnerability Disclosure Programs.