Commenting

Application Security Engineers (ASEs) identify critical customer comments and prioritize responding to them. You can only send messages to everyone (visible to researchers, Bugcrowd, and your own team) or Bugcrowd.

When adding comments, you can style your text using Markdown syntax. For more information, see using markdown for formatting content.

Adding a comment

To add a comment or send a message:

  1. Go to the Activity section of a submission and click Send a message.

  2. In To, select one of the following based on whom you want to send the message to:

    • Bugcrowd: Send an internal message visible to your team and the Bugcrowd team.
    • Everyone: Send a message to everyone involved in the submission and the general public (if you and the researcher agree to disclose the report).

  3. In the text box, type the message. You can style your text using Markdown syntax. For more information, see using markdown for formatting content.

    You can upload attachments to provide detailed information. For more information, see upload an attachment with your comment.

  4. Click Send message.

    The message is sent and is visible in the submission activity stream. The researcher receives an email notification that you have commented on their submission to request additional information from them. The email notification is sent to the researcher even if the submission is not yet claimed.

    Replying Directly to External Researcher: The Reply to (researcher) option is unavailable for submissions that were made anonymously (through the embedded form without providing an email address) or that have no associated researcher (for example, through Qualys).

Adding a Blocker

You can add a blocker for a submission. For information about blockers, see blockers.

Viewing Submission Activities

Each submission has an activity stream that maintains a history log of all actions, comments, and changes that have been made to a submission and a record of the person who made the changes. The activities are displayed in colors based on to whom the message was sent:

  • Everyone - Displayed in grey
  • Bugcrowd - Displayed in pink

Subscribing to a Submission: When you comment on a submission, you automatically subscribe to receive updates for that submission. Learn more about submissions and how to unsubscribe from them.

When adding a comment, you can notify a team member directly by mentioning their name using the “@” key. This is useful when you need to alert someone who is not currently assigned or subscribed to a submission.

To notify the Application Security Engineer on staff for your submission, mention @Bugcrowd.

Uploading an Attachment with Your Comment

When replying to a researcher or sending a private message, you can click Add attachments and attach a video, image, or PDF. This helps you share sensitive information without uploading it to a third party.

Browse to the location of the file you want to upload. You can attach up to five files at a time. The supported file types are avi, gif, jpg, mov, mpeg, and pdf.

The size of each uploaded file cannot exceed 100 MB.

The attached files are displayed as shown. To delete an attachment, click the X icon.

Editing a Comment

Editing prior to notifications: If you edit the comment within two minutes, the notifications sent to other users about the comment use the updated text. Integrations trigger immediately and do not receive the updated text.

You can edit comments and/or private notes.

To edit a comment, click the icon on the right side of the comment and click Edit.

Make the required changes and click Save Message.

The Comment Updated message is displayed.

Deleting a Comment

You can delete comments and/or private notes.

To delete a comment, click the icon on the right side of the comment and click Delete.

A pop-up message asking for confirmation is displayed. Click OK. The comment is deleted and [DELETED] is displayed in the activity feed.
