The Program Summary Report provides information about the performance of your bounty or vulnerability disclosure program. If you are running an ongoing program, the Program Summary Report provides the information you need to find key data points and trends, so that you can assess the success and value of your program. The Program Summary Report is generated as a PDF file to enable sharing the performance metrics with stakeholders in your organization.
Program Report for On-Demand Programs: You can generate Program Summary Reports for ongoing programs only. For on-demand programs, Bugcrowd generates the Program Summary Report and delivers it to you at the end of your program.
The Program Summary Report includes the following sections:
- Executive Summary: Provides a brief synopsis of the contents and purpose of the report.
- Reporting Methodology: Describes the diversity of testing methodologies used during the test.
- Targets and Scope: Provides information about the tested targets and the Bugcrowd team members assigned to the program.
Findings Summary: Consists of the following sub-sections:
- Findings by Severity: Includes a graph that provides a high-level view of all valid assessment findings from the program based on technical severity.
- Risk and Priority Key: Provides a detailed understanding of Bugcrowd’s Vulnerability Rating Taxonomy (VRT).
- Findings Table: Provides an overview of all valid submissions for the program.
- Vulnerability Details: Provides complete data for each valid submission.
Appendix: Consists of the following sub-sections:
- Submissions Over Time: Includes a bar graph that shows the number of submissions received and validated over a period of time.
- Submissions Signal: Provides the number of valid, invalid, and duplicate submissions. Also shows the submissions that are being processed.
- Bug Types Overview: Includes a pie chart view of valid submissions received based on the vulnerability type and Vulnerability Rating Taxonomy.
- Spendings of Program Reward Pool: Provides a high-level overview of rewards paid to the researchers.
- Top 3 Highest Paid Submissions: Provides the title, the link, and the amount rewarded for the top three paid submissions.
- Closing Statement: Provides a final recount of your program.
When you build the Program Summary Report, you can select the sections you want to include or exclude in the report.
To generate a Program Summary Report:
1. After logging into Crowdcontrol, select a program from the drop-down menu, and then click the Reports menu. The Reports page is displayed.
2. Click Generate report and then click Program Summary.
The Create Program Summary page is displayed.
3. Provide the following information:
- Report title: Title for the report.
- Bounty name: Program name for which you are generating the report.
- Date range: Specify a date range for generating the report. You can also click any of the following to specify the date range:
- All time: Include all programs.
- Last quarter: Include programs in the last quarter.
- Last month: Include programs in the last month.
- Last week: Include programs in the last week.
- Select any of the following sections to include in your report:
- Table of contents: Includes table of contents.
- Target list: Includes the tested targets and the Bugcrowd team members assigned to the program.
- Default executive summary: Includes a brief synopsis of the contents and purpose of the report.
- Submissions index: Includes the Findings Table that provides an overview of all valid submissions for the program.
- Full vulnerability details: Includes the Vulnerability Details section that provides complete data for each valid submission.
- Program reward details: Includes the Spendings of Program Reward Pool (high-level overview of rewards paid to the researchers) and the Top 3 Highest Paid Submissions (title, link, and the amount rewarded).
4. Click Generate report. You will receive an email to download the report.
The generated report is displayed as a link on the Reports page. Refresh the page to view the link.
5. Click the link to view the report details.
Note: The report title link is active only after the PDF report is generated.