Coordinated Disclosure Request

A disclosed report is visible to the public in CrowdStream and contains a summary that you and the researcher have provided. It includes information such as program name, submission title, reward amount, VRT priority, and a timeline of activity in this submission.

A researcher can request to disclose the submission report if the Coordinated disclosure option is enabled in CrowdStream setting. It is enabled by default. In case it is disabled, then for information to enable coordinated disclosure, see enabling disclosure of submissions.

If a submission was created before disabling coordinated disclosure for a program, then the researcher can request the disclosure report and you can process the request. If a submission was created after disabling coordinated disclosure, then the researcher will not be able to request a disclosure report for that submission.

Viewing Disclosure Request

When a researcher sends a disclosure request for a submission, you can view the request in the submission’s Disclosure request section. You can either approve or deny the disclosure request. Make sure you read the public disclosure policy.

view

Approving Disclosure Request

In the Respond to disclosure request section, select Approve disclosure request. Additional fields are displayed.

approve

You can add your own summary for this vulnerability and/or change the level that was set by the researcher (if required). You can style your text using the Markdown syntax. For more information, see using markdown for formatting content.

Click Publish disclosure.

publish

The disclosure is published and the researcher is notified. The following message is displayed and the submission report summary will be visible to the public in CrowdStream.

request-approved-message

You can click View disclosed report to view the submission report that is published. The following image shows the disclosed report with full visibility.

full-visibility

The following image shows a disclosed report with limited visibility.

limited-visibility

Saving Summary

If you want to save the details and publish at a later time, click Save summary.

save-summary

The Report summary saved message is displayed and the button name changes to Summary saved.

summary-saved-button

Denying Disclosure Request

In the Respond to disclosure request section, select Deny disclosure request.

denying-request

Provide the reason for denying the disclosure request and click Deny disclosure. You can style your text using the Markdown syntax. For more information, see using markdown for formatting content.

The following message is displayed in the Disclosure request section of the submission and the researcher is notified.

request-denied-message

Viewing Cancelled Disclosure Request

If the researcher cancels the disclosure request, then the following message is displayed in the Disclosure request section of the submission.

request-cancelled-message


Onboarding
Account Management
Security Program Management
Engagement Management
Reporting
Submission Management
Integration Management