Understanding Summary Reports
The Summary Report provides information about the performance of your bug bounty or vulnerability disclosure program. If you are running an ongoing program, the Summary Report provides the information you need to find key data points and trends, so that you can assess the success and value of your program or engagement. The Summary Report is generated as a PDF file to enable sharing the performance metrics with stakeholders in your organization.
Summary Report Sections
The Summary Report includes the following sections:
- Executive summary: Provides a brief synopsis of the contents and purpose of the report.
- Reporting and methodology: Describes the diversity of testing methodologies used during the test.
- Targets and scope: Provides information about the tested targets and the Bugcrowd team members assigned to the program.
-
Findings summary: Consists of the following sub-sections:
- Findings by severity: Includes a graph that provides a high-level view of all valid assessment findings from the program based on technical severity.
- Risk and priority key: Provides detailed understanding of Bugcrowd’s Vulnerability Rating Taxonomy (VRT).
-
Appendix: Consists of the following sub-sections:
- Submissions over time: Includes a bar graph that shows the number of submissions received and validated over a period of time.
- Submissions signal: Provides the number of valid, invalid, and duplicate submissions. Also, shows the submissions that are being processed.
- Bug types overview: Includes a pie chart view of valid submissions received based on the vulnerability type and Vulnerability Rating Taxonomy.
- Closing statement: Provides a final recount of your program or engagement.
When you build the Summary Report, you can select the sections you want to include or exclude in the report.
Generating Summary Reports
To generate a Summary Report, follow these steps:
1. After logging into Crowdcontrol, select a program or engagement from the drop-down menu, and then click the Reports. The Reports page is displayed.
2. Click Generate report and then click Summary Report.
The Create Summary Report page is displayed.
3. Provide the following details:
- Report title: Title for the report.
- Select report coverage: Displays the program or engagement name for which you want to generate the report. The Program field is read-only, and the Engagement field allows you to select an engagement.
-
Date range: Specify a data range for generating the report. You can also click any of the following to specify the date range:
- All time: Includes data since program or engagement was launched.
- Last quarter: Includes program or engagement data for the last three months of the previous calendar year.
- Last month: Includes program or engagement data for the first to last day of the previous calendar month.
- Last week: Includes program or engagement data for the last week calendar date from Monday to Saturday.
-
Select sections to include in your report:
- Scope: This is the list of targets in the Targets and Scope section.
- Findings table: This is the list of submissions in the Findings summary section.
- Full vulnerability details: This will show the entire submission details in the Vulnerability details section.
- Reward details: This is the spend and payment metrics in the Appendix section.
-
Executive summary options:
- Default executive summary: Includes a brief synopsis of the contents and purpose of the report.
- Custom executive summary: Includes a template to provide flexibility for your business needs.
4. Click Generate report. You will receive an email to download the report.
The generated report is displayed as a link on the Reports page. Refresh the page to view the link.
5. Click the link to view the report details. The link opens the report on your system’s browser. You can view, download, and print the report. You can also view, download the report from the link received in your email.
Note: The report title link is active only after the PDF report is generated.
