CrowdStream and Coordinated Disclosure

CrowdStream is Bugcrowd’s public activity feed and displays the activities for unresolved, resolved, or coordinated disclosed submissions depending on the configured level of visibility for a program. This activity feed displays the program name, researcher name, priority, target, date of resolution or acceptance, and/or reward amount based on the configured visibility settings. The Exclude this finding from CrowdStream toggle option per-submission hides submissions even if the submission is accepted or disclosed.

Coordinated Disclosure allows Program Owner and Researchers to work together and publicly disclose details about a submission. When a Program Owner enables Researchers to disclose submissions, Researchers with a valid submission can create a request for disclosure which sends a notification to the Program Owner.

When requesting disclosure, Researchers must provide a summary and choose whether they want limited or full information to be disclosed. The Program Owner can approve or deny any request. When they approve the request, they can change the visibility and update the summary information if required.

If both parties have agreed on the reported details, the disclosure is finalized and displayed in CrowdStream. Program owners can also set the CrowdStream visibility for each submission. For more information, see CrowdStream activity feed settings by program owner.

The following image shows disclosed and accepted submissions.