Subscribe to customer specific updates at https://docs.bugcrowd.com/feed/changelogs/customer.xml.
Dec 7th, 2022
Oct 24th, 2022
Mar 25th, 2022
Mar 22nd, 2022
Jun 21st, 2021
Jun 3rd, 2021
May 2nd, 2021
Apr 16th, 2021
Introduced a variant for OAuth Accounting Squatting classified as a P4
Secure Code Warrior developed a VRT mapping to their developer training
Extended support for Automotive categorization, developed in collaboration with Stellantis.
Downgraded all Flash-based entries to a rating of P5
Improved existing remediation advice for a number of entries
Simplified Weak Login Function entries with a baseline severity rating of P4
Apr 14th, 2021
Apr 5th, 2021
Feb 4th, 2021
Jan 15th, 2021
Better describe Targets with their new technology attributes and get Researchers there faster with a cleaner URL experience
Detail a set of targets via Target Group descriptions
Define a reward range per set of targets with recommendations presented when rewarding
Documented days of operation relative to triage and researcher payments
Dec 17th, 2020
Nov 5th, 2020
Sep 9th, 2020
Jul 30th, 2020
SSO Domain Validation no longer identifies Bugcrowd
Apr 16th, 2020
New features in Attack Surface Management:Asset Inventory - Dashboards and other updates
Mar 31st, 2020
New features in Attack Surface Management - Asset Inventory
Mar 25th, 2020
Mar 5th, 2020
Dec 20th, 2019
Oct 23rd, 2019
Aug 21st, 2019
Aug 13th, 2019
May 8th, 2019
May 3rd, 2019
Apr 2nd, 2019
Mar 20th, 2019
Mar 14th, 2019
Automative Security Misconfiguration category
Sensitive Data Exposure > Weak Password Reset Implementation > Token Leakage via Host Header Poisoning as a new P2 variant, which is consistent with how this issue has been triaged by Bugcrowd’s Application Security Engineers so far.
Two new P4’s related to 2FA Secret Management
Remediation Advice links to latest OWASP Documentation
Feb 16th, 2019
Tokenized date search
Dec 18th, 2018
Application Security Engineer listed
Dec 17th, 2018
Platform supports 100MB for all file uploads
Oct 30th, 2018
Oct 3rd, 2018
Sep 24th, 2018
Sep 22nd, 2018
Sep 19th, 2018
Aug 16th, 2018
Aug 16th, 2018
Identify Bugcrowd employees in activity feeds with a new icon identifier
Jul 11th, 2018
Known Issue Sharing displays
Program code can now have hyphens
Push to Jira button now gives instant feedback
Jul 3rd, 2018
Unique Avatars - distinct default avatars to easily identify users. (Customer
Hover over avatar to show a user’s email address.
Highlight recently updated on the Programs page
Indication on customer’s programs page which programs are demos.
Leveraging program or user images for unfurling.
Use Crowdcontrol on the go, now with a responsive navigation bar.
Change states without needing to dismiss thanks to notifications shown below the customer state dropdown.
Jul 2nd, 2018
Jun 21st, 2018
Apr 21st, 2018
Transaction Times within insights take into account skipped states
Validation Time within the Bounty Brief takes into account submissions that have not been validated yet
Bounty average payouts only include first to find, P1-4 payouts
Apr 17th, 2018
Remove timeout, instead using re-authentication prompts.
Interactive Session Management UI
Added SSO indicators for authentications within the Session Management interface
Feb 16th, 2018
Search by Custom Fields with the Submission Search Bar
Search result number count when using the Submission Search Bar
Insights filter toggle - offering a clean display for sharing data on TVs
Page design refreshes on the Rewards page
Jan 17th, 2018
Program performance metric to Program Page (Time to Validation)
Customers can “read” credentials if enabled on their program
Dec 22nd, 2017
Nov 22nd, 2017
Oct 19th, 2017
Oct 10th, 2017
Sep 26th, 2017
Sep 22nd, 2017
Sep 15th, 2017
Viewing unread notifications automatically marks them as read
Sep 6th, 2017
Aug 11th, 2017
Jul 17th, 2017
Rewards are now listed in the order in which they were rewarded.
CSV exports of submissions now include information about the target (
category) and the
sourceof the submission.
Jul 13th, 2017
source filters are now available in Insights.
Switching between programs now takes you to the same page in the selected program.
Jul 6th, 2017
Jun 27th, 2017
Individual submissions can now be printed within Crowdcontrol
Jun 23rd, 2017
Password entropy validation will be performed on any page where a password can be changed.
Public program response metrics for a program can now be viewed without logging in to the platform.
P5 submissions can now be viewed and filtered in Insights.