Email Intake

To make it easier for researchers to report bugs, you can set up your program to receive email submissions. Anyone who wants to report a bug can send an email to your organization. Crowdcontrol will take care of everything else.

Important Notice-Email Intake Availability: Email Intake is only available for customers with a Vulnerability Disclosure Program (VDP). If you are considering using Email Intake, contact your Account Manager or send an email to support@bugcrowd.com so that your account can be provisioned with an email address.

Setting Up Email Submissions

To set up email submissions:

  1. After selecting the required program, click Settings and then click Integrations.

    After selecting the required program, click Settings and then click Integrations

    The Integrations page is displayed.

  2. Click the Add Integration for Email intake.

    add integration for email intake

    The Email Intake Settings page is displayed.

  3. Specify the following:

    • Integration Status: Select Enabled to enable integration. Else, select Disabled.
    • Setup automatic forwarding to Bugcrowd: Automatically forward the new submissions from another email address to ecorpusavdp-npcev@submit.bugcrowd.com.
    • Allow researchers to claim submissions on Bugcrowd: Send a claim ticket notice to researchers when a new submission is received.

    Email intake settings

  4. Click Update integration.

    The email address assigned for your program is displayed.

    Email address assigned for your program

    You can share this email address through your regular disclosure channels, such as your security webpage or disclosure program. When someone reports a bug to the email address, a submission will be automatically created in Crowdcontrol for you to review.

    You will know Email Intake is enabled when you see Connected in the Integrations page:

    email-intake-connected

Email Forwarding

To help you track and reward submissions sent to an email other than the one provisioned by Bugcrowd, you can enable forwarding emails so that the claim ticket is sent to the original sender of the email.

For example, if your support organization receives an email that details a vulnerability, they can forward it to the provisioned email (for example, 12345@submit.bugcrowd.com). The email is processed and a claim ticket is sent to the original sender, not the support organization.

Understanding How Email Submissions Work

Email submissions are enabled on a per program basis. Your account manager will set up your program with an email address, which will be similar to uuid@submit.bugcrowd.com.

When you receive an email at the provisioned address, a submission will be created automatically in Crowdcontrol and will use the following information:

  • Email subject will appear in the submission’s title.
  • Email content will appear in the submission’s description.

You can log in to Crowdcontrol to view and manage the submission.

Claiming Submissions

When a submission is received through email, a claim ticket is sent back to the sender. Claim tickets allow researchers to associate a submission with their Bugcrowd account so that they can receive points and discuss their findings with you. Once a researcher claims a submission, Crowdcontrol will update the submission with the researcher’s username. All unclaimed tickets will have “Known-issues” as the username.

Important Notice-Communicating with Researchers: You will only be able to communicate with the researcher through Crowdcontrol if they claim the submission.

Customizing Your Claim Tickets

Bugcrowd provides a claim ticket template that you can customize with a logo and text.

Action Required-Customize Your Claim Ticket: Contact your Account Manager if you want to add a logo or any text to your claim tickets.


Onboarding
Account Management
Program Management
Reporting
Submission Management
Integration Management