Welcome to Bugcrowd's Product Documentation Center

You'll find comprehensive guides and documentation to help you start working with Bugcrowd as quickly as possible.

Updating to VRT 1.6

Chloé Messdaghi · 26 days ago1 changes

Updated VRT 1.6 includes two major changes: revision to internal SSRF, and how we rate email spoofing, more specifically the baselines around SPF and DMARC.

  • 1 improved

Add Reward Update

Chloé Messdaghi · about a month ago1 changes

The Add Reward model now shares when a suggested reward amount differs from the range currently in the program settings. Note, if the range changes, researchers can still expect to be paid according to what was advertised at the time they created their submissions.

  • 1 added

Point Reward System Better Aligns Expectations and Acknowledges Researchers for Their Hard Work

Chloé Messdaghi · about a month ago3 changes

Improvements to the point reward system have been made to better align expectations between customers and researchers. Qualifying“Won’t Fix” submissions will be rewarded points to recognize the researchers for their hard work, while setting the expectation that the vulnerability is an accepted risk ...

  • 2 added
  • 1 fixed

2FA Check Feature

Chloé Messdaghi · about a month ago

We’ve included check marks to indicate which team members have their Two Factor Authentication (2FA) enabled. Allowing customers to note who on their team needs to turn on their 2FA to remain protected. Note, using SAML as a means of authentication can leverage two factor through their provider and ...

    Updating to VRT 1.5

    Chloé Messdaghi · about a month ago2 changes

    The latest VRT release (version 1.5) includes the following updates:
    -Improving transparency by adding multiple entries for commonly reported issues
    -Aligning the baseline severity rating to best reflect the market by increasing taxonomy granularity

    • 2 improved

    Enhancements Made to JIRA Integrations

    Chloé Messdaghi · 2 months ago3 changes

    Advancements to the JIRA integration have been made to enhance and enrich the data/ shared with development. The integration now offers more customization to fit customer needs with the ability to automatically push submission comments from Crowdcontrol into JIRA, map the VRT to fields within JIRA, ...

    • 3 added

    Crowdcontrol Improves Adjusted Payment Workflow

    Chloé Messdaghi · 2 months ago1 changes

    Although rare, customers have made a mistake when rewarding for vulnerabilities and, therefore, adjustments may be needed. Upon the cancelation of a reward, researchers will be notified and informed of the reason for the change. Customers can then award the correct amount.

    • 1 added

    Minor Tokenized Search Bugs Fixed

    Chloé Messdaghi · 2 months ago2 changes

    A few minor bugs were identified and fixed. No longer will duplicate query values appear and now you can search for dates in the latter half of the month.

    • 2 fixed

    Added Platform Usability and Preference Control

    Chloé Messdaghi · 2 months ago3 changes

    Recent updates include added usability and control for users. Researchers can now easily filter by and view “Pending Invitations” to programs that have yet to start. Additionally, researchers can also pause and unpause payments as needed. This update has added the ability to configure Crowdcontrol t...

    • 3 added

    Improvements Made to Boost Submission Workflow Efficiency

    Chloé Messdaghi · 2 months ago3 changes

    Significant improvements have been made to increase the speed and efficiency of the submission workflow within Crowdcontrol. Submission blockers have been added to inform users (customers and researcher) when a specific action is required to further assist the vulnerability triage, validation, and f...

    • 2 added
    • 1 improved

    Improved SDLC and Remediation Support

    Travis Andrade · 3 months ago2 changes

    Updates have been made to improve the ease of sharing vulnerability data with Development through Crowdcontrol’s Jira integration and downloadable CSV reports.

    • 2 improved

    Crowdcontrol Usability More Intuitive

    Travis Andrade · 3 months ago2 changes

    Improvements were made to increase the platform’s ease-of-use. Updating submissions are now easier than ever, and identifying Bugcrowd within the activity feed is now simple.

    • 1 improved
    • 1 added

    Hacker Education with Bugcrowd University

    Travis Andrade · 4 months ago1 changes

    Bugcrowd is excited to announce Bugcrowd University to help educate and empower the Crowd with the latest skills and methodologies.

    • 1 added

    Improved Platform Usability

    Travis Andrade · 5 months ago5 changes

    Advancements have been made to Crowdcontrol to improve its usability. These updates deliver increased functionality built to improve the efficiency of everyday users. For example, tokenized search capabilities have been enhanced for all users to find exactly what they’re looking efficiently and effe...

    • 4 improved
    • 1 fixed

    Advanced Crowdcontrol UX

    Travis Andrade · 5 months ago9 changes

    A number of improvements have been implemented to Crowdcontrol delivering a more intuitive and effective user experience.

    • 7 added
    • 2 improved

    Enhanced Security Tracking Capability

    Travis Andrade · 5 months ago1 changes

    Crowdcontrol makes it easy to identify unusual activity on your account with the Security Event Log, which tracks events such as new sessions or modifications to your credentials. This is available for both customers and researchers.

    • 1 added

    Multiple Jira Project Support & Flexible Jira Sync

    Barnett Klane · 5 months ago2 changes

    Crowdcontrol now supports multiple Jira projects. Customers can now choose which Jira project a submission should be pushed to. Developers and security engineers often add their own notes to Jira tickets. Crowdcontrol's Jira integration now preserves their edits by only syncing selective Jira fields...

    • 1 improved
    • 1 added

    Updating to VRT 1.4

    Barnett Klane · 5 months ago1 changes

    VRT 1.4 includes general updates/refined classifications along with mappings to Common Weakness Enumeration (CWE) and remediation advice.

    • 1 improved

    Enhance Program Metrics

    Travis Andrade · 7 months ago3 changes

    Program metric has been adjusted and improved to deliver helpful data around the health of a program. Refinements to the data provided on the insights page as well as on the bounty brief now provide increased accuracy.

    • 2 fixed
    • 1 improved

    Heightened Platform Security and Usability

    Travis Andrade · 7 months ago3 changes

    Advancements have been made to Crowdcontrol to bolster the security of the platform as well as improve its usability. The updates now offer advancements that offer a workflow built to improve the efficiency of everyday users.

    • 2 added
    • 1 improved

    Crowdcontrol Increases Visibility

    Travis Andrade · 7 months ago2 changes

    This update introduces a new feature, Known Issue Sharing, enabling organizations to provide added visibility into a program (read Bugcrowd’s blog to learn...

    • 2 added

    New Crowdcontrol Enhancements Add Improved Platform Efficiencies

    Travis Andrade · 9 months ago7 changes

    Significant improvements have been made to Crowdcontrol to build upon its current intuitive experience and offer enhancements that will help improve the efficiency of everyday users. Each enhancement augments the use of existing features such as the Submission Search Bar, JIRA integration, Insights ...

    • 4 added
    • 3 improved

    Improved Program Performance Tracking and Platform Efficiency

    Travis Andrade · 10 months ago4 changes

    Introducing a new program performance metric on the Program Page, highlighting the time it takes organizations to validate incoming submissions. Crowdcontrol's submission search bar continues to improve the efficiency of finding submissions by adding the ability to search by VRT categories. Customer...

    • 4 added

    Enhanced Security & Improved Functionality Offer Seamless Usability

    Travis Andrade · 11 months ago6 changes

    This update includes a security enhancement as we've implemented CSP protections to better protect from possible vulnerabilities. In addition, we released the ability to seamlessly sort the order of the targets on your program brief with a simple drag and drop feature. The submission search bar has ...

    • 6 added

    New Submission Search Bar and Filtering

    Barnett Klane · about a year ago4 changes

    This update introduces comprehensive submission filtering capabilities, with a new intuitive search bar providing unique filter sets built to optimize the amount of time spent finding submissions.

    • 2 added
    • 2 improved

    Improved Efficiency with CVSS and Notifications

    Barnett Klane · about a year ago2 changes

    This update helps reduce the friction of CVSS implementation by backfilling prior submissions with a CVSS score based on the VRT. Also, improvements have been made to email notifications providing a more efficient means of identifying multiple notifications on a single submission.

    • 2 added

    Added CVSS Calculator

    Barnett Klane · about a year ago1 changes

    The CVSS calculator has been added to Crowdcontrol, allowing customers to score vulnerabilities found by Bugcrowd Researchers with CVSS.

    • 1 added

    Introducing VRT 1.3

    Barnett Klane · about a year ago1 changes

    VRT 1.3 includes changes to improve the alignment of the VRT to the newest release of OWASP's Top 10 2017 and mapped the VRT to CVSS.

    • 1 improved

    New Notification Management and Downloadable Data

    Barnett Klane · about a year ago2 changes

    This update introduces a new notifications page to centralize the management of notifications and allows customers to download reward data from Crowdcontrol.

    • 2 added

    New Embedded Submission Form

    Barnett Klane · about a year ago1 changes

    The Embedded Submission Form allows customers to host a submission form directly on their website for simple and organized vulnerability disclosure.

    • 1 added

    Improved Notifications

    Barnett Klane · about a year ago1 changes

    Crowdcontrol's notification feature is now smarter than ever as it will automatically mark all unread notifications as read once you've viewed the submission.

    • 1 improved

    Seamless Crowdcontrol Quick Search

    Barnett Klane · about a year ago2 changes

    This update enables customers to easily highlight syntax and quick search what you're looking for in Crowdcontrol.

    • 2 added

    Advanced API Documentation

    Barnett Klane · about a year ago2 changes

    New API documentation has been created to help streamline the process of implementing Crowdcontrol data into your applications.

    • 2 added

    VRT 1.2, Improved Functionality, and New Integration

    Barnett Klane · about a year ago4 changes

    Introducing updated version of VRT, 1.2, added a new Qualys integration, and improved platform functionality with increased text character and file attachment support.

    • 2 improved
    • 2 added

    Slack Integration

    Barnett Klane · about a year ago1 changes

    New Slack integration has been added to allow quick and easy Crowdcontrol notifications within a dedicated Slack channel.

    • 1 added

    VRT Goes Open Source

    Barnett Klane · about a year ago1 changes

    The Bugcrowd Vulnerability Rating Taxonomy is now open sourced on GitHub and offers streamlined integration with VRT gem.

    • 1 added

    Enhanced Reporting

    Barnett Klane · about a year ago2 changes

    Updates have been made to improve the Rewards tab in Crowdcontrol and deliver additional data for CSV exports of submissions.

    • 1 improved
    • 1 added

    Simplified Workflow and Improved Filtering

    Barnett Klane · about a year ago2 changes

    Updates have been made to provide a smooth workflow for customers switching between programs. This update includes an additional field to the submission inbox filters.

    • 2 added

    Improved Clarity and Workflow

    Barnett Klane · about a year ago2 changes

    This update delivers helpful tools to help improve the platform experience for both researcher and customers.

    • 2 added

    Print a Submission

    Barnett Klane · about a year ago1 changes

    Crowdcontrol now makes it easy for you to print out a single submission data.

    • 1 added

    Improved Security and Transparency

    Barnett Klane · about a year ago3 changes

    Updates were made to increase the security of passwords usage and improve the transparency of program data.

    • 3 added