Transferring an Engagement
A customer’s security needs evolve with their organization, for example, a new security team created, acquisitions, or restructures. With the ability of transferring an Engagement between Security Programs, Bugcrowd enables customers to adapt their security program structure to meet these changing security needs.
Note: Engagements can be transferred to other security programs managed in the same organization. Engagements cannot be transferred between organizations.
To transfer an engagement between security programs, follow these steps:
-
In the Bugcrowd platform, go to Organization and click Settings.
-
In the settings menu, click Transfer engagement.
The Transfer engagement page is displayed.
-
In the Origin section, select the Security Program from the drop-down that contains the engagement you wish to transfer, and then select the Engagement.
-
In the Destination section, select the Security Program from the drop-down that you wish to transfer the engagement to.
If the engagement has any non-transferrable components, the following message is displayed.
Note: The hyperlinked items displayed in the message will automatically be opened in new tabs for you to review as needed.
-
Click Next Step.
The Transfer engagement page will display, and at the top of the page it will show:
- Origin Security Program: The program the engagement is to be migrated from.
- Engagement: The engagement being transferred.
- Destination Security Program: The program the engagement is being transferred to.
Before confirming the engagement transfer, review the “Transferable components” and “Non-transferable components” sections (if available) and provide your input.
-
Select the checkbox to acknowledge that you understand the non-transferrable components will not be migrated and will need to be configured manually if desired in the destination Security Program.
-
Click Confirm and move.
A message showing Engagement transfer in progress is displayed.
An Engagement transfer complete message is displayed. The transferred and non-transferred components are displayed for confirmation.
A confirmation email will also be sent to you. The email contains a list of all the transferred and non-transferred components.
If the transfer fails, a Engagement transfer was unsuccessful message is displayed and an email will be sent with a suggestion to contact Bugcrowd support.
Transferrable Components
The following components that are transferred with an engagement include:
- Brief
- Changelogs
- Announcements
- Notes
- Summary Page
- Researchers page
- Researcher invites for private engagements
- Submissions: Activities, comments, and associated duplicate submissions
- Credentials not shared with other engagements
- Non-Disclosure Agreements (NDAs) that are not shared with other engagements
- Reserved On Demand engagement reward pool
- Embedded Submission Form, Email Intake, and Traffic Control
Non-Transferrable Components
The components that do not get transferred with the engagements are:
Non-transferable Engagement Components:
- Certain types of integrations due to complexity (like Jira, Service Now, Slack, Outgoing Webhooks, etc.)
- Non-Disclosure Agreements (NDAs) being used by multiple engagements including the engagement being transferred
- Credentials being used by multiple engagements including the engagement being transferred
- Hacker bans
- Platform reports
Non-transferable Security Program Components:
- Auto assign
- Auto Assign Triaged
- Custom submission fields
- Customer notification emails
- CVSS Calculator & scoring
- Embedded Attachment Auto
- Low balance threshold for pools
- MFA if required
- Remediation
- Retesting
- Service level
If you have questions or need assistance with manually setting these non-transferrable components up in the destination Security Program, please submit a support ticket to Bugcrowd Support.
