Changelog

Stay in the loop on the latest

Subscribe to updates at https://docs.bugcrowd.com/changelog.xml.

Nov 19th, 2020
Nov 5th, 2020

Customers > Task List

Sep 16th, 2020
Sep 15th, 2020
Sep 12th, 2020
Sep 9th, 2020

Customers > New Documentation Site

Sep 1st, 2020

Customers > API Token usage

    Added
  • Visibility into usage of API tokens across the team

Aug 22nd, 2020
Jul 30th, 2020
Jun 18th, 2020
Apr 16th, 2020

Customers > Attack Surface Management Asset Inventory - Dashboards and other updates

    Added
  • New features in Attack Surface Management:Asset Inventory - Dashboards and other updates

Apr 3rd, 2020
Mar 31st, 2020

Customers > New features in Attack Surface Management - Asset Inventory

    Added
  • New features in Attack Surface Management - Asset Inventory

Mar 28th, 2020
Mar 25th, 2020
Mar 5th, 2020
Mar 3rd, 2020
Dec 20th, 2019
Dec 19th, 2019
Dec 19th, 2019
Nov 29th, 2019
Nov 5th, 2019
Oct 23rd, 2019

Customers > Program Announcements

Oct 11th, 2019
Aug 21st, 2019
Aug 13th, 2019
Aug 2nd, 2019
Jul 24th, 2019
Jun 17th, 2019
May 8th, 2019
May 7th, 2019
May 3rd, 2019
Apr 11th, 2019
Apr 11th, 2019
Apr 10th, 2019

Customers > Retesting Update

Apr 2nd, 2019
Apr 2nd, 2019

Customers > Program Search Launched

    Improved
  • Renamed Additional Fields tab to Fields and Settings

  • Renamed Known Issues tab to Import Issues

Apr 1st, 2019
Mar 20th, 2019

Customers > Integration Updates

Mar 15th, 2019

Customers > Updating to VRT 1.7

    Added
  • Automative Security Misconfiguration category

  • Sensitive Data Exposure > Weak Password Reset Implementation > Token Leakage via Host Header Poisoning as a new P2 variant, which is consistent with how this issue has been triaged by Bugcrowd’s Application Security Engineers so far.

  • Two new P4’s related to 2FA Secret Management

  • Improved
  • Remediation Advice links to latest OWASP Documentation

Mar 14th, 2019

Researchers > Updating to VRT 1.7

    Added
  • Automative Security Misconfiguration category

  • Sensitive Data Exposure > Weak Password Reset Implementation > Token Leakage via Host Header Poisoning as a new P2 variant, which is consistent with how this issue has been triaged by Bugcrowd’s Application Security Engineers so far.

  • Two new P4’s related to 2FA Secret Management

  • Improved
  • Remediation Advice links to latest OWASP Documentation

Feb 20th, 2019
Feb 16th, 2019
Feb 16th, 2019

Customers > Comparison Operators for Dates

    Improved
  • Tokenized date search

Feb 16th, 2019
Dec 18th, 2018
Dec 18th, 2018

Customers > File Support Update

    Improved
  • Platform supports 100MB for all file uploads

Dec 18th, 2018

Customers > Application Security Engineer Listed

    Added
  • Application Security Engineer listed

Dec 17th, 2018
Dec 17th, 2018

Researchers > File Support Update

    Improved
  • Platform supports 100MB for all file uploads

Nov 14th, 2018
Nov 2nd, 2018
Nov 1st, 2018
Oct 30th, 2018
Oct 30th, 2018
Oct 27th, 2018
Oct 26th, 2018
Oct 3rd, 2018
Sep 24th, 2018
Sep 24th, 2018

Customers > Crowdcontrol Improves Adjusted Payment Workflow

    Added
  • Adjusting mistaken rewards workflow updated:Customers can send mail to support@bugcrowd.com.

Sep 22nd, 2018
Sep 19th, 2018
Sep 19th, 2018
Sep 18th, 2018
Aug 16th, 2018
Aug 16th, 2018

Customers > Crowdcontrol Usability More Intuitive

Aug 15th, 2018

Researchers > Crowdcontrol Usability More Intuitive

    Improved
  • Identify Bugcrowd employees in activity feeds with a new icon identifier

Aug 8th, 2018
Aug 7th, 2018
Jul 11th, 2018

Customers > Improved Platform Usability

Jul 10th, 2018
Jul 3rd, 2018

Researchers > Advanced Crowdcontrol UX

    Added
  • Unique Avatars

  • updated label on the Programs page, to highlight recently updated programs.

  • Bugcrowd ninja forwarding now includes the to email address to allow sub-domains.

  • Quick links panel in Researcher dashboard

  • Leveraging program or user images for unfurling.

  • Improved
  • Use Crowdcontrol on the go, now with a responsive navigation bar.

  • Notifications show below the customer state dropdown, so you can quickly change states, without needing to dismiss.

Jul 3rd, 2018

Customers > Advanced Crowdcontrol UX

    Added
  • Unique Avatars - distinct default avatars to easily identify users. (Customer

  • Hover over avatar to show a user’s email address.

  • Highlight recently updated on the Programs page

  • Indication on customer’s programs page which programs are demos.

  • Leveraging program or user images for unfurling.

  • Improved
  • Use Crowdcontrol on the go, now with a responsive navigation bar.

  • Change states without needing to dismiss thanks to notifications shown below the customer state dropdown.

Jul 2nd, 2018
Jul 2nd, 2018
Jun 21st, 2018
Jun 19th, 2018
Jun 19th, 2018
Apr 21st, 2018

Customers > Enhance Program Metrics

    Fixed
  • Transaction Times within insights take into account skipped states

  • Validation Time within the Bounty Brief takes into account submissions that have not been validated yet

  • Improved
  • Bounty average payouts only include first to find, P1-4 payouts

Apr 17th, 2018

Researchers > Heightened Platform Security and Usability

    Added
  • Remove timeout, instead using re-authentication prompts.

  • Interactive Session Management UI

  • Improved
  • Added SSO indicators for authentications within the Session Management interface

Apr 17th, 2018

Customers > Heightened Platform Security and Usability

    Added
  • Remove timeout, instead using re-authentication prompts.

  • Interactive Session Management UI

  • Improved
  • Added SSO indicators for authentications within the Session Management interface.

Apr 17th, 2018
Apr 16th, 2018
Feb 16th, 2018

Customers > New Crowdcontrol Enhancements Add Improved Platform Efficiencies

Feb 15th, 2018

Researchers > New Crowdcontrol Enhancements Add Improved Platform Efficiencies

    Added
  • Search by Custom Fields with the Submission Search Bar

  • Search result number count when using the Submission Search Bar

  • Insights filter toggle - offering a clean display for sharing data on TVs

  • Improved
  • Page design refreshes on the ID Verification and Payment Method Configuration pages

Jan 17th, 2018

Researchers > Improved Program Performance Tracking and Platform Efficiency

Jan 17th, 2018

Customers > Improved Program Performance Tracking and Platform Efficiency

Dec 22nd, 2017
Dec 21st, 2017
Nov 22nd, 2017

Customers > New Submission Search Bar and Filtering

    Added
  • Search bar has been launched within Crowcontrol

  • Improved
  • Known issue import no longer requires submitted_at to be set, defaulting to the current time.

  • Text search within Crowdcontrol is now more accurate in filtering for exactly what you search for, no longer trying to handle misspellings.

Nov 21st, 2017

Researchers > New Submission Search Bar and Filtering

    Added
  • Advanced submission filtering is live

  • Improved
  • Text search within Crowdcontrol is now more accurate in filtering for exactly what you search for, no longer trying to handle misspellings.

Oct 19th, 2017

Customers > Improved Efficiency with CVSS and Notifications

    Added
  • CVSS scores get backfilled based on VRT after enabled on a program

  • Easy to track email notifications now with threading grouped by submissions are delivered as a thread within email clients

Oct 10th, 2017

Customers > Added CVSS Calculator

    Added
  • Organizations can manage submission severity with CVSS v3

Oct 4th, 2017

Researchers > Introducing VRT 1.3

    Improved
  • VRT v1.3 is shipped

Oct 4th, 2017

Customers > Introducing VRT 1.3

    Improved
  • VRT v1.3 is shipped

Sep 26th, 2017

Customers > New Notification Management and Downloadable Data

    Added
  • View and manage your notifications all from the new notifications page.

  • Download CSV of reward data from Crowdcontrol.

Sep 22nd, 2017

Customers > New Embedded Submission Form

Sep 15th, 2017

Customers > Improved Notifications

    Improved
  • Viewing unread notifications automatically marks them as read

Sep 6th, 2017

Customers > Seamless Crowdcontrol Quick Search

    Added
  • Enable syntax highlighting in your fenced code blocks when writing or commenting on a submission.

  • Use Quick Search to find exactly what you’re looking for in Crowdcontrol.

Sep 1st, 2017

Customers > Advanced API Documentation

    Added
  • New API docs are available.

  • created_at DateTime within the Comment Object

Aug 11th, 2017

Customers > VRT 1.2, Improved Functionality, and New Integration

    Added
  • Attach a file to comments within Crowdcontrol.

  • Import known issues found in Qualys WAS scans into Crowdcontrol

  • Improved
  • v1.2 of the VRT is available

  • Custom fields now support up to 2048 characters.

Aug 1st, 2017
Jul 26th, 2017

Researchers > VRT Goes Open Source

    Added
  • VRT gem is now open sourced

Jul 26th, 2017

Customers > VRT Goes Open Source

    Added
  • The VRT gem is now open sourced.

Jul 17th, 2017

Customers > Enhanced Reporting

    Improved
  • Rewards are now listed in the order in which they were rewarded.

  • Added
  • CSV exports of submissions now include information about the target (name and category) and the source of the submission.

Jul 13th, 2017

Customers > Simplified Workflow and Improved Filtering

    Added
  • source filters are now available in Insights.

  • Switching between programs now takes you to the same page in the selected program.

Jul 6th, 2017

Researchers > Improved Clarity and Workflow

    Improved
  • Researchers can now upload an attachment to a comment

  • New and Triaged submissions can be auto-assigned to a team member

Jul 6th, 2017

Customers > Improved Clarity and Workflow

    Added
  • Researchers can now upload an attachment to a comment

  • New and Triaged submissions can be auto-assigned to a team member.

Jun 27th, 2017

Customers > Print a Submission

    Added
  • Individual submissions can now be printed within Crowdcontrol

Jun 23rd, 2017

Customers > Improved Security and Transparency

    Improved
  • Password entropy validation will be performed on any page where a password can be changed.

  • Public program response metrics for a program can now be viewed without logging in to the platform.

  • P5 submissions can now be viewed and filtered in Insights.

Feb 15th, 2017

Researchers > Comparison Operators for Dates

    Improved
  • Tokenized date search