Welcome to Bugcrowd's Product Documentation Center

You'll find comprehensive guides and documentation to help you start working with Bugcrowd as quickly as possible.

added

Viewing NDA Compliance Status

Posted by Barnett Klane 12 days ago

Our customers have compliance requirements to meet in order for testing to be started on their programs. One of these can be contractual requirements that require researchers to sign a contract in order to gain eligibility to related programs. Now researchers work to sign these documents in-platform to make it easier than ever to activate on your program. Customers also gain visibility of researchers' signature status right within the Participants tab.

Attack Surface Management: Asset Inventory - Dashboards and other updates

Posted by Randy Young 3 months ago

Inventory Dashboards
You can now render your inventory as dashboards for easier consumption.

New features in Attack Surface Management - Asset Inventory

Posted by Randy Young 4 months ago

Multi-Inventory

added

Self-Service Program Initiation Now Available

Posted by Randy Young 4 months ago

Existing customers can now initiate programs through the self-service program creation workflow via the ‘+Start now’ button on the program dashboard at https://tracker.bugcrowd.com/programs. The currently supported self-service program types are: Bug Bounty, On-Demand, and Vulnerability Disclosure Program.

added

Customer On-call Person

Posted by Barnett Klane 4 months ago

The partnership between Bugcrowd's Triage Team and our customers requires collaboration and quick response to help cut down the time it takes to triage and accept vulnerabilities. Last year we made it easier for customers to reach out to the Triage Team by easily mentioning @bugcrowd within comments. This has simplified customer workflows of identifying the right person at Bugcrowd while improving our Triage Team's ability to respond to such. Now we're excited to launch @customer mentions, giving customers the ability to manage who we reach out to for triage-related discussions. The field gives you full control by allowing multiple email addresses to be set, enabling support for PagerDuty, OpsGenie, VictorOps and any other alerting and incident management software that supports email intake. Once filled in, our Triage Team will leverage @customer going forward on your program.

added

Slack Integration Notification for Blockers

Posted by Barnett Klane 5 months ago

Whether accepting, paying, unblocking, or resolving submissions, there is a lot to do in CrowdControl. While we help you get the work done in platform, often one needs to be told there is work to do. We have now expanded our Slack integration to cover all the work one needs to be informed of, adding in support for notification on Blockers for all customers. This has been enabled by default to ensure y'all don't miss any work, but ya have the ability to manage it right from your Slack settings.

added

CrowdStream and Coordinated Disclosure

Posted by Mythri Sathyan 7 months ago

CrowdStream is Bugcrowd's public activity feed and displays the activities for unresolved, resolved, or coordinated disclosed submissions depending on the configured level of visibility for a program.
This activity feed displays the program name, researcher name, priority, target, date of resolution or acceptance, and/or reward amount based on the configured visibility settings. The Exclude this finding from CrowdStream toggle option per-submission hides submissions even if the submission is accepted or disclosed.

added

IBM Resilient Integration

Posted by Mythri Sathyan 8 months ago

An IBM Resilient integration has been added that allows you to synchronize accepted submissions in Bugcrowd to your IBM Resilient platform. You can also create a new IBM Resilient incident with vulnerability data from Bugcrowd so that customers can fix the vulnerability.

added

Program Announcements

Posted by Barnett Klane 9 months ago

Customers can now communicate directly with researchers and let them know the updates related to their program. Announcements keep your subscribed researchers informed of the latest updates to your platform's features, program scope, and incentives, while providing new researchers looking for new work a peek into opportunities for testing. When published, the announcement is posted to subscribed researchers' emails and within the program brief for those that have access.

added

Filtering Customer Blockers

Posted by Richard Yang 11 months ago

We created a straightforward approach for Customers to identify submissions blocked on the Program Owners needing to be acted upon. The state signifies Bugcrowd's ASEs or Researchers are waiting for additional clarification before action will be taken.