Our customers have compliance requirements to meet before testing can start on their programs. One of these can be a contractual requirement that researchers sign a contract in order to gain eligibility for related programs. Researchers can now sign these documents in-platform, making it easier than ever to activate on your program. Customers also gain visibility of researchers' signature status right within the Participants tab.
You can now render your inventory as dashboards for easier consumption.
Existing customers can now initiate programs through the self-service program creation workflow via the ‘+Start now’ button on the program dashboard at https://tracker.bugcrowd.com/programs. The currently supported self-service program types are: Bug Bounty, On-Demand, and Vulnerability Disclosure Program.
The partnership between Bugcrowd's Triage Team and our customers requires collaboration and quick responses to help cut down the time it takes to triage and accept vulnerabilities. Last year we made it easier for customers to reach out to the Triage Team by mentioning @bugcrowd within comments. This has simplified the customer workflow of identifying the right person at Bugcrowd while improving our Triage Team's ability to respond. Now we're excited to launch @customer mentions, giving customers the ability to manage who we reach out to for triage-related discussions. The field gives you full control by allowing multiple email addresses to be set, enabling support for PagerDuty, OpsGenie, VictorOps and any other alerting and incident management software that supports email intake. Once it is filled in, our Triage Team will leverage @customer going forward on your program.
Whether accepting, paying, unblocking, or resolving submissions, there is a lot to do in CrowdControl. While we help you get the work done in-platform, often one needs to be told there is work to do. We have now expanded our Slack integration to cover all the work one needs to be informed of, adding support for notifications on Blockers for all customers. This has been enabled by default to ensure y'all don't miss any work, but ya have the ability to manage it right from your Slack settings.
CrowdStream is Bugcrowd's public activity feed and displays the activities for unresolved, resolved, or coordinated disclosed submissions depending on the configured level of visibility for a program.
This activity feed displays the program name, researcher name, priority, target, date of resolution or acceptance, and/or reward amount based on the configured visibility settings. The per-submission "Exclude this finding from CrowdStream" toggle hides a submission even if it is accepted or disclosed.
An IBM Resilient integration has been added that allows you to synchronize accepted submissions in Bugcrowd to your IBM Resilient platform. You can also create a new IBM Resilient incident with vulnerability data from Bugcrowd so that customers can fix the vulnerability.
Customers can now communicate directly with researchers and let them know about updates related to their program. Announcements keep your subscribed researchers informed of the latest updates to your platform's features, program scope, and incentives, while giving new researchers looking for new work a peek into opportunities for testing. When published, the announcement is sent to subscribed researchers' email addresses and posted within the program brief for those that have access.
We created a straightforward way for customers to identify submissions that are blocked on the Program Owners and need to be acted upon. The state signifies that Bugcrowd's ASEs or researchers are waiting for additional clarification before action will be taken.