Adding Vulnerability Disclosure Program

A Vulnerability Disclosure Program is a points-based, managed submission channel for vulnerabilities discovered across any of your internet-facing assets.

The steps to add a vulnerability disclosure program are:

  1. Provide a program name
  2. Set targets
  3. Specify terms and conditions
  4. Add look and feel
  5. Schedule program launch
  6. Review details and submit

To add a Vulnerability Disclosure Program:

  1. In the Select an engagement to launch window, click Start for Vulnerability Disclosure Program.

    The Step 1: Program Name page is displayed.

  2. Provide a name for your program and click Next step. The Step 2: Set targets page is displayed. Also, the Grant created message is displayed.

  3. Click Add target to add the target that must be tested. You can add multiple targets. The Add a target pop-up window is displayed.

  4. Specify the following information:

    • Target Name (URL/Location): Select a target from the drop-down menu or specify a new target.
    • Category: If you select an existing target name, then the category is displayed by default. If you have specified a new target name, then select the required category:

      • Website
      • API
      • iOS
      • Android
      • IoT
      • Hardware
      • Other

  5. Click Add. The target is added and the Target added to the program scope message is displayed.

    If you want to edit the target details, click the icon in the Actions column.

  6. Click Next step. The Step 3: Terms and conditions page is displayed.

  7. You can enable or disable the following options:

    • Use Bugcrowd’s Vulnerability Rating Taxonomy
    • Encourage disclosure of non-target issues
    • Safe harbor agreement
    • Co-ordinated disclosure

    To enable, move the slider to the right. To disable, move the slider to the left. By default, all the options are enabled.

  8. Click Next step. The Step 4: Add look and feel page is displayed.

  9. Specify the following information:

    • Upload a logo: Click Upload logo and specify a logo for your program.
    • Enter a background color for your logo: Provide an RGB hex value for the background color of the logo.
    • Tagline: Provide a tagline for your program.
    • Introduction: Provide a description for your program. This will be displayed as the first paragraph in your Program brief.

    After specifying the information, click Update preview to view your changes.

  10. Click Next step. The Step 5: Schedule launch page is displayed.

  11. Specify the following information:

    • Preferred private launch timeline: Select an option to indicate when you want the program to start:
      • As soon as possible (default)
      • Within a month
      • More than a month
    • Preferred public launch timeline: Select an option to indicate when you want to launch the program as public after the private launch:
      • Soon after private launch (default)
      • A month after private launch
      • More than a month after private launch

  12. Click Next step. The Step 6: Review and submit page is displayed. Review the information that you have provided. In case you want to modify any details, click Edit and make the changes.

  13. Click Submit. The Your program has been provisioned message is displayed. Bugcrowd will contact you to review and launch the program.

