Adding Remediation Advice

Prioritizing and mitigating risk is a challenging task. It takes a lot of time, knowledge, and resources to validate and remediate reported vulnerabilities. The good news is that remediation advice is available to help you address vulnerabilities as quickly as possible.

Enabling Remediation Advice

You can enable remediation advice for all submissions in your program. Once enabled, you’ll be able to quickly learn how to address a vulnerability directly from the submission.

[Image: vulnerability]

To add remediation advice to your submissions, go to Settings > Submissions. On the Fields and Settings page, scroll down to the Remediation advice section to find the toggle.

[Image: remediation-advice]

To enable it, switch the Remediation advice toggle to the right, as shown in the image below.

[Image: enable-ra]

Once activated, you’ll see two new fields on the Additional fields page:

  • Remediation Advice - Provides guidance for fixing a vulnerability.
  • References - Provides links to industry standard sites, such as OWASP, CVE, and CWE, that give a more detailed description of and context for the vulnerability.

The remediation advice and references will automatically populate on your submissions based on the VRT rating assigned to the submission. For more information on our VRT, see https://bugcrowd.com/vulnerability-rating-taxonomy.

Editing the Remediation Advice

The Remediation Advice and References fields can be edited on a per-submission basis. To give your developers more actionable guidance, you may want to add information or edit the advice so that it fits your business case.

To edit the Remediation Advice or References field, click the Edit icon within the section.

[Image: edit-ra]

The section will display as editable markdown, and you can change the information however you like. A field you have modified will not be overwritten by later updates to the VRT: customized remediation advice and references always take precedence over the information derived from the VRT.
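The precedence rule above is easy to get wrong when building your own tooling around submission data, so here is an added illustration of it in Python. This is not Bugcrowd's code and the VRT identifiers, advice text, and URLs are constructed sample data; it also assumes (the page does not say) that VRT ids are dotted category paths and that a lookup falls back to the nearest parent category that has an entry. The point it demonstrates is that precedence is per field: a submission whose advice was edited keeps that advice across a VRT update, while its untouched References field still picks up the new defaults.

```python
"""Resolve the remediation advice and references shown on a submission.

Added example, not Bugcrowd code. Models the rule from the documentation:
per-field customizations win over VRT-derived defaults and survive VRT updates.
All taxonomy ids, advice strings, and URLs below are constructed sample data.
"""
from dataclasses import dataclass
from typing import Optional

# Constructed sample defaults keyed by VRT id. Assumption (not stated on the
# page): ids are dotted category.subcategory paths and a lookup falls back to
# the nearest parent that has an entry.
VRT_DEFAULTS_V1 = {
    "server_security_misconfiguration": {
        "advice": "Review the server configuration against a hardening baseline.",
        "references": ["https://example.invalid/hardening-baseline"],
    },
    "server_security_misconfiguration.clickjacking": {
        "advice": "Set a Content-Security-Policy frame-ancestors directive on sensitive pages.",
        "references": ["https://example.invalid/clickjacking"],
    },
}

# A later (constructed) VRT revision that rewords one entry and adds a reference.
VRT_DEFAULTS_V2 = {
    **VRT_DEFAULTS_V1,
    "server_security_misconfiguration.clickjacking": {
        "advice": "Set CSP frame-ancestors (preferred) or X-Frame-Options on sensitive pages.",
        "references": ["https://example.invalid/clickjacking", "https://example.invalid/csp"],
    },
}


@dataclass
class Submission:
    vrt_id: str
    custom_advice: Optional[str] = None        # None means the field was never edited
    custom_references: Optional[list] = None   # None means the field was never edited


def vrt_lookup(vrt_id: str, defaults: dict) -> dict:
    """Most specific default entry for a VRT id, walking up to parent categories."""
    parts = vrt_id.split(".")
    while parts:
        entry = defaults.get(".".join(parts))
        if entry is not None:
            return entry
        parts.pop()
    return {"advice": "", "references": []}


def resolve(sub: Submission, defaults: dict) -> dict:
    """Apply field-level precedence: an edited field wins, an unedited one follows the VRT."""
    base = vrt_lookup(sub.vrt_id, defaults)
    advice_custom = sub.custom_advice is not None
    refs_custom = sub.custom_references is not None
    return {
        "advice": sub.custom_advice if advice_custom else base["advice"],
        "advice_source": "custom" if advice_custom else "vrt",
        # Copy the list so callers cannot mutate the shared defaults.
        "references": list(sub.custom_references if refs_custom else base["references"]),
        "references_source": "custom" if refs_custom else "vrt",
    }


def demo() -> tuple:
    """Three submissions resolved against the newer VRT revision."""
    untouched = Submission("server_security_misconfiguration.clickjacking")
    edited = Submission(
        "server_security_misconfiguration.clickjacking",
        custom_advice="Our apps already send frame-ancestors 'none'; confirm the page is behind the CDN rule.",
    )
    # A variant with no entry of its own falls back to the parent category (assumed behaviour).
    unlisted = Submission("server_security_misconfiguration.some_new_variant")
    return (
        resolve(untouched, VRT_DEFAULTS_V2),
        resolve(edited, VRT_DEFAULTS_V2),
        resolve(unlisted, VRT_DEFAULTS_V2),
    )


if __name__ == "__main__":
    for label, result in zip(("untouched", "edited", "unlisted"), demo()):
        print(f"{label}: advice from {result['advice_source']}, "
              f"references from {result['references_source']} ({len(result['references'])} link(s))")
```

The `_source` fields are worth keeping in any export or ticketing integration: they let a reviewer see at a glance whether the guidance attached to a submission is the taxonomy default or something a team member wrote for this program.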
