Messaging

You are able to send two types of messages:

  • Bugcrowd: The message is visible to your team and Bugcrowd.
  • Everyone: The message is visible to everyone involved in the submission (your team, Bugcrowd, and researchers).

When adding a message, you can style your text using the Markdown syntax. For more information, see using markdown for formatting content.

Additionally, Bugcrowd Application Security Engineers (ASEs) will identify and prioritize responding to critical customer comments.

Adding a Message

To send a message:

  1. Go to the Activity section of a submission and click Send a message.

    send-message

  2. In To, select one of the following based on whom you want to send the message to:

    • Bugcrowd - Privately: Send a message that is visible to your team and Bugcrowd.
    • Everyone: Send message to everyone involved in the submission and the general public (if you and the researcher agree to disclose the report).

    send-message-options

  3. Type your message in the text box. You can use Markdown syntax.

    description

  4. Click Send message.

    Once the message is sent, then it will be visible in the submission Activity stream for the appropriate users depending on the type of message you selected.

    If the message is visible to the researcher, then they will receive an email notification that you have commented on their submission and directed to review it. Even if the submission is not yet claimed, the email notification is sent to the researcher.

    click-send-message

Adding a Blocker

Blockers help identify a submission that requires additional actions or information from you or the researcher. You can add a blocker to a submission. For more information, see Blockers.

Viewing Submission Activities

Each submission has an Activity stream that maintains a history log of all actions, messages, and changes that have been made to a submission and a record of the person who made the changes.

The activities are displayed in colors based on to whom the message was sent:

  • Everyone - Displayed in grey
  • Bugcrowd - Displayed in yellow

submission-activities

Subscribing to a Submission: When you message on a submission, you automatically subscribe to receive updates for that submission. Learn more about submissions and how to unsubscribe from them.

When adding a message, you can notify a team member directly by mentioning their name using the “@” key. This is useful when you need to alert someone who is not currently assigned or subscribed to a submission.

Mention the Application Security Engineer on-staff for your submission by mentioning @Bugcrowd.

Uploading an Attachment with Your Message

When replying to a researcher or sending a private message, you can click Add attachments to attach a video, image, or PDF. This helps you share sensitive information without uploading it to third party.

add-attachment

Browse to the location of the file you want to upload. You can attach up to twenty files at a time. The supported file types are jpg, gif, and png.

The size of each uploaded file cannot exceed 400MiB.

The attached files are displayed as shown. To delete an attachment, click X icon.

attachments-uploaded

Editing a Message

Editing prior to notifications: If you are able to edit a message within two minutes after posting it, then the notifications to other users will use the updated text. Integrations will trigger immediately and will not receive the updated text.

You can edit messages and/or private notes.

To edit a message, click the icon on the right side of the comment and click Edit.

edit-comment

Make the required changes and click Save message.

save-comment

The Comment updated message is displayed.

Deleting a Message

To delete a message, click the icon on the right side of the comment and click Delete.

delete

A pop-up message asking for confirmation is displayed. Click OK.

The message is deleted and [DELETED] is displayed in the Activity feed.

deleted-message