You can now render your inventory as dashboards for easier consumption.
Existing customers can now initiate programs through the self-service program creation workflow via the ‘+Start now’ button on the program dashboard at https://tracker.bugcrowd.com/programs. The current supported self-service program types are; Bug Bounty, On-Demand, and Vulnerability Discloser Program.
The partnership between Bugcrowd's Triage Team and our customers requires collaboration and quick response to help cut down the time it takes to triage and accept vulnerabilities. Last year we made it easier for customers to reach out to the Triage Team by easily mentioning
@bugcrowd within comments. This has simplified customer workflows of identifying the right person at Bugcrowd while improving our Triage Team's ability to respond to such. Now we're excited to launch
@customer mentions, giving customers the ability to manage who we reach out to for triage related discussions. The field gives you full control by allowing multiple email addresses to be set, enabling support for PagerDuty, OpsGenie, VictorOps and any other alerting and incident management software that supports email intake. Once filled it, our Triage Team will leverage
@customer going forward on your program.
Whether accepting, paying unblocking, or resolving submissions there is a lot to do in CrowdControl. While we help you get the work done in platform, often one needs to be told there is work to do. We have now expanded our Slack integration to now cover all the work one need to be informed of, adding in support for notification on Blockers for all customers. This has been enabled on by default to ensure y'all don't miss any work, but ya have the ability to manage it right from your slack settings.
CrowdStream is Bugcrowd's public activity feed and displays the activities for unresolved, resolved, or coordinated disclosed submissions depending on the configured level of visibility for a program.
This activity feed displays the program name, researcher name, priority, target, date of resolution or acceptance, and/or reward amount based on the configured visibility settings. The Exclude this finding from CrowdStream toggle option per-submission hides submissions even if the submission is accepted or disclosed.
IBM Resilient integration is added that allows you to synchronize accepted submissions in Bugcrowd to your IBM Resilient platform. You can also create a new IBM Resilient incidence with vulnerability data from Bugcrowd so that customers can fix the vulnerability.
Customers can now communicate directly with researchers and let them know the updates related to their program. Announcements keep your subscribed researchers informed of the latest updates to your platform's features, program scope, and incentives, while providing new researchers looking for new work, a peek into opportunities for testing. When published, the announcement is posted to subscribed researcher's emails and within the program brief for those that have access.
We created a straightforward approach for Customers to identify submissions blocked on the Program Owners needing to be acted upon. The state signifies Bugcrowd's ASEs or Researchers are waiting for additional clarification before action will be taken.
To further expedite our customer's ability to get the crucial information needed to action a finding, we are providing them the ability to set blockers on Bugcrowd's ASEs and Researchers, flagging the need for more information around impact or reproduction of the finding. These will operate similar to the existing blockers that Bugcrowd ASE's have been using since last year, one can set a blocker within the comment field at the bottom of a submission (as seen below) which will then be visible to all users on the submission.