Auto Escalation

When a critical vulnerability is discovered, it is pertinent the right people are notified immediately to ensure it is quickly remediated. To best ensure users are aware of submissions that need immediate attention, Crowdcontrol offers auto-escalation functionality that will automatically kick-off an email notifying selected email addresses of a critical (P1) submission. The email notification will be sent after a Bugcrowd Application Security Engineer has triaged and confirmed a P1 vulnerability has been found. Set up a list of email addresses in Crowdcontrol to ensure the right people are notified so they can take action and eliminate the risk.

Single Email to Group Per Escalation: A single email will be sent per escalated submission to the entire mailing list of recipients (5 min delay).

Setting Up Auto-Escalation

To set up the auto-escalation, you’ll need to be an organization owner or program admin, and complete the following:

Per Program Basis: Auto-escalation can be enabled on a per program basis ONLY.

  1. Navigate to Settings.

    Go to the Settings page of your program located on the right side of the Crowdcontrol navbar.


  2. Select the Manage Team tab.


  3. On the right-hand side of the Manage Team page, enter one or more email addresses of the team members to be notified by email whenever a submission has been triaged as a critical (P1) vulnerability. To add an email, enter an email address and select the ADD button.


Removing Email Address for Critical Submission Auto-Escalation

To remove an email address from the critical submissions auto-escalation list, click REMOVE next to the email address you would like to remove. Removing an email address from this list will ensure automated notification emails will no longer be sent to the removed email address.


Example of Auto-Escalation Email