Enabling Remediation Advice
You can enable remediation advice for all submissions in your program. Once enabled, you’ll be able to quickly learn how to address a vulnerability directly from the submission.
To add remediation advice to your submissions, go to Settings > Submissions. On the Fields and Settings page scroll down to enable the toggle key in the Remediation advice section.
To enable, toggle remediation advice to the right as shown in the image below.
Once activated, you’ll see two new fields on the Additional fields page:
- Remediation Advice - Provides guidance for fixing a vulnerability.
- References - Provides links to industry standard sites, like OWASP, CVE, and CWE, to provide you with more detailed description and context for the vulnerability.
The remediation advice and references will automatically populate on your submissions based on the VRT rating assigned to the submission. For more information on our VRT, see https://bugcrowd.com/vulnerability-rating-taxonomy.
Editing the Remediation Advice
The Remediation Advice and References fields can be edited on a per-submission basis. To help better enable development, you may want to add additional information or edit the advice to best fit your business case.
To edit the Remediation Advice or References field, click the Edit icon within the section.
The section will display as editable markdown. You can change the information however you’d like. The information for the field you’ve modified will not be overwritten by any updates to the VRT. Customized remediation advice and references will always take precedence over the information from the VRT.