Customer Changelog

Stay in the loop on the latest for Customers

Subscribe to customer specific updates at

Jun 11th, 2024
Jun 11th, 2024
Jun 11th, 2024
Jun 11th, 2024
May 29th, 2024
May 29th, 2024
May 7th, 2024
Apr 25th, 2024
Apr 22nd, 2024
Apr 10th, 2024
Dec 18th, 2023
Nov 28th, 2023
Nov 27th, 2023
Nov 27th, 2023
Nov 6th, 2023
Oct 12th, 2023
Sep 27th, 2023
Sep 26th, 2023
Aug 29th, 2023
May 9th, 2023
May 8th, 2023
Apr 5th, 2023
Mar 16th, 2023
Mar 9th, 2023
Jan 26th, 2023
Jan 26th, 2023
Dec 7th, 2022
Oct 24th, 2022
Oct 24th, 2022
Aug 4th, 2022
May 12th, 2022
May 12th, 2022
Mar 25th, 2022
Mar 22nd, 2022
Mar 22nd, 2022
Feb 24th, 2022
Jan 12th, 2022
Dec 21st, 2021
Dec 15th, 2021
Dec 15th, 2021
Sep 24th, 2021
Jul 12th, 2021
Jun 21st, 2021
Jun 10th, 2021
Jun 3rd, 2021
May 11th, 2021
May 2nd, 2021
Apr 16th, 2021

Updated with VRT 1.10

  • Introduced a variant for OAuth Accounting Squatting classified as a P4

  • Secure Code Warrior developed a VRT mapping to their developer training

  • Improved
  • Extended support for Automotive categorization, developed in collaboration with Stellantis.

  • Downgraded all Flash-based entries to a rating of P5

  • Improved existing remediation advice for a number of entries

  • Simplified Weak Login Function entries with a baseline severity rating of P4

Apr 14th, 2021
Apr 5th, 2021
Feb 4th, 2021
Jan 15th, 2021

Improved data fidelity and organization with Target Group

  • Better describe Targets with their new technology attributes and get Researchers there faster with a cleaner URL experience

  • Detail a set of targets via Target Group descriptions

  • Define a reward range per set of targets with recommendations presented when rewarding

  • Improved
  • Documented days of operation relative to triage and researcher payments

Dec 17th, 2020

Accounting Management

Nov 5th, 2020

Task List

Sep 9th, 2020

New Documentation Site

Aug 22nd, 2020
Jul 30th, 2020
Apr 16th, 2020

Attack Surface Management Asset Inventory - Dashboards and other updates

  • New features in Attack Surface Management:Asset Inventory - Dashboards and other updates

Mar 31st, 2020

New features in Attack Surface Management - Asset Inventory

  • New features in Attack Surface Management - Asset Inventory

Mar 28th, 2020
Mar 25th, 2020
Mar 5th, 2020
Dec 20th, 2019
Nov 29th, 2019
Oct 23rd, 2019

Program Announcements

Aug 21st, 2019
Aug 13th, 2019
May 8th, 2019

Public Program Credential Support and Improved Target Management

May 3rd, 2019
Apr 11th, 2019
Apr 10th, 2019

Retesting Update

Apr 2nd, 2019

Program Search Launched

  • Renamed Additional Fields tab to Fields and Settings

  • Renamed Known Issues tab to Import Issues

Mar 20th, 2019

Integration Updates

Mar 14th, 2019

Updating to VRT 1.7

  • Automative Security Misconfiguration category

  • Sensitive Data Exposure > Weak Password Reset Implementation > Token Leakage via Host Header Poisoning as a new P2 variant, which is consistent with how this issue has been triaged by Bugcrowd’s Application Security Engineers so far.

  • Two new P4’s related to 2FA Secret Management

  • Improved
  • Remediation Advice links to latest OWASP Documentation

Feb 20th, 2019
Feb 16th, 2019

Comparison Operators for Dates

  • Tokenized date search

Feb 16th, 2019
Feb 16th, 2019

Bugcrowd mention

Dec 18th, 2018
Dec 18th, 2018

Application Security Engineer Listed

  • Application Security Engineer listed

Dec 17th, 2018

File Support Update

  • Platform supports 100MB for all file uploads

Nov 2nd, 2018
Nov 1st, 2018
Oct 30th, 2018
Oct 26th, 2018
Oct 3rd, 2018
Sep 24th, 2018

Crowdcontrol Improves Adjusted Payment Workflow

  • Adjusting mistaken rewards workflow updated, Customers can send mail to

Sep 22nd, 2018
Sep 19th, 2018
Aug 16th, 2018
Aug 16th, 2018

Crowdcontrol Usability More Intuitive

Aug 7th, 2018
Jul 11th, 2018

Improved Platform Usability

Jul 3rd, 2018

Advanced Crowdcontrol UX

  • Unique Avatars - distinct default avatars to easily identify users. (Customer

  • Hover over avatar to show a user’s email address.

  • Highlight recently updated on the Programs page

  • Indication on customer’s programs page which programs are demos.

  • Leveraging program or user images for unfurling.

  • Improved
  • Use Crowdcontrol on the go, now with a responsive navigation bar.

  • Change states without needing to dismiss thanks to notifications shown below the customer state dropdown.

Jul 2nd, 2018
Jun 21st, 2018
Jun 19th, 2018

Updating to VRT 1.4

Apr 21st, 2018

Enhance Program Metrics

  • Transaction Times within insights take into account skipped states

  • Validation Time within the Bounty Brief takes into account submissions that have not been validated yet

  • Improved
  • Bounty average payouts only include first to find, P1-4 payouts

Apr 17th, 2018

Heightened Platform Security and Usability

  • Remove timeout, instead using re-authentication prompts.

  • Interactive Session Management UI

  • Improved
  • Added SSO indicators for authentications within the Session Management interface

Apr 17th, 2018
Feb 16th, 2018

New Crowdcontrol Enhancements Add Improved Platform Efficiencies

Jan 17th, 2018

Improved Program Performance Tracking and Platform Efficiency

Dec 22nd, 2017
Nov 22nd, 2017

New Submission Search Bar and Filtering

  • Search bar has been launched within Crowcontrol

  • Improved
  • Known issue import no longer requires submitted_at to be set, defaulting to the current time.

  • Text search within Crowdcontrol is now more accurate in filtering for exactly what you search for, no longer trying to handle misspellings.

Oct 19th, 2017

Improved Efficiency with CVSS and Notifications

  • CVSS scores get backfilled based on VRT after enabled on a program

  • Easy to track email notifications now with threading grouped by submissions are delivered as a thread within email clients

Oct 10th, 2017

Added CVSS Calculator

  • Organizations can manage submission severity with CVSS v3

Oct 4th, 2017

Introducing VRT 1.3

  • VRT v1.3 is shipped

Sep 26th, 2017

New Notification Management and Downloadable Data

  • View and manage your notifications all from the new notifications page.

  • Download CSV of reward data from Crowdcontrol.

Sep 22nd, 2017

New Embedded Submission Form

Sep 15th, 2017

Improved Notifications

  • Viewing unread notifications automatically marks them as read

Sep 6th, 2017

Seamless Crowdcontrol Quick Search

  • Enable syntax highlighting in your fenced code blocks when writing or commenting on a submission.

  • Use Quick Search to find exactly what you’re looking for in Crowdcontrol.

Aug 11th, 2017

VRT 1.2, Improved Functionality, and New Integration

  • Attach a file to comments within Crowdcontrol.

  • Import known issues found in Qualys WAS scans into Crowdcontrol

  • Improved
  • v1.2 of the VRT is available

  • Custom fields now support up to 2048 characters.

Aug 1st, 2017

Slack Integration

Jul 26th, 2017

VRT Goes Open Source

  • VRT gem is now open sourced

Jul 17th, 2017

Enhanced Reporting

  • Rewards are now listed in the order in which they were rewarded.

  • Added
  • CSV exports of submissions now include information about the target (name and category) and the source of the submission.

Jul 13th, 2017

Simplified Workflow and Improved Filtering

  • source filters are now available in Insights.

  • Switching between programs now takes you to the same page in the selected program.

Jul 6th, 2017

Improved Clarity and Workflow

  • Researchers can now upload an attachment to a comment

  • New and Triaged submissions can be auto-assigned to a team member.

Jun 27th, 2017

Print a Submission

  • Individual submissions can now be printed within Crowdcontrol

Jun 23rd, 2017

Improved Security and Transparency

  • Password entropy validation will be performed on any page where a password can be changed.

  • Public program response metrics for a program can now be viewed without logging in to the platform.

  • P5 submissions can now be viewed and filtered in Insights.