- Setting Up Email Submissions
- Email Forwarding
- Understanding How Email Submissions Work
- Claiming Submissions
- Customizing Your Claim Tickets
You can setup your Security Program to receive email submissions. Enabling anyone to report a vulnerability by sending an email to your organization.
Email Intake Availability: Email Intake is only available for customers with a Vulnerability Disclosure Engagement. If you are considering using Email Intake, contact your Account Manager or submit a support ticket through the Bugcrowd Support Portal so your account can be provisioned with an email address.
Setting Up Email Submissions
A Security Program can have more than one Email Intake integration, because a program can have multiple Engagements. However, only one Email Intake integration is allowed per Engagement. A Vulnerability Disclosure Engagement is configured to setup email intake, which is managed in the program’s integration settings. Submissions that are submitted through an email will be directed to the selected Engagement for tracking and management.
To create an Email Intake for a Security Program, follow these steps:
-
Select a security program from the Go to Security Program or Engagement drop-down.
-
Go to Settings and click the Integrations tab.
-
Click Email intake.
The Email intake settings page appears.
-
Once you are done filling out the email intake fields, click the Update integration button to complete updating the integration.
- Integration Status: Select Enabled to enable integration. Else, select Disabled.
- Engagement: Select an Engagement from the drop-down options.
- Setup automatic forwarding to Bugcrowd: Automatically forward the new submissions from another email address to the mentioned email.
- Allow researchers to claim submissions on Bugcrowd: Send a claim ticket notice to researchers when a new submission is received.
Email Forwarding
To help you track and reward submissions sent to an email other than the one provisioned by Bugcrowd, you can enable forwarding emails so that the claim ticket is sent to the original sender of the email.
For example, if your support organization receives an email that details a vulnerability, they can forward it to the provisioned email (for example, 12345@submit.bugcrowd.com
). The email is processed and a claim ticket is sent to the original sender, not the support organization.
Understanding How Email Submissions Work
Email submissions are enabled on a per Security Program basis. Your Account Manager will set up your program with an email address, which will be similar to uuid@submit.bugcrowd.com
.
When you receive an email at the provisioned address, a submission will be created automatically in your Security Program and will use the following information:
- Email subject line will appear in the submission’s title.
- Email content will appear in the submission’s description.
You can log into your Security Program to view and manage the submission.
Claiming Submissions
When a submission is received through email, a claim ticket is sent back to the sender. Claim tickets allow researchers to associate a submission with their Bugcrowd account so that they can receive points and discuss their findings with you. Once a researcher claims a submission, Crowdcontrol will update the submission with the researcher’s username. All unclaimed tickets will have “Known-issues” as the username.
Communicating with Researchers: You will only be able to communicate with the researcher through Crowdcontrol if they claim the submission.
Customizing Your Claim Tickets
Bugcrowd provides a claim ticket template that you can customize with a logo and text.
Customize Your Claim Ticket: Contact your Account Manager if you want to add a logo or any text to your claim tickets.