- Navigating through Tasks
- Viewing Task within Submissions Page
- Completing Tasks
- Weekly Email Notification for Outstanding Tasks
Tasks are units of work on the Crowdcontrol platform, each is tied to a task type that defines who needs to complete the work, the actions that can complete it, and the time expected it to be completed in. Every user from our internal staff, researchers and customers have tasks that are expected to be completed by them. This enables ultimately flexibility in our platform workflow while ensuring every task gets tracked and completed to ensure nothing is left behind.
After you log into Crowdcontrol, click the Tasks tab to view all outstanding tasks across your programs.
You can click the following sub-tabs to view the tasks based on the task type:
Unblock: Submissions that require clarification to allow Bugcrowd to complete triage.
Accept: Triaged submissions to confirm your organization plans to resolve the finding.
Reward: Accepted submissions that have an expected reward according to the bounty brief.
Disclosure: Review and approve or deny disclosure requests.
You can also use the drop-down list to filter and view the tasks based on a particular program.
The tasks are sorted based on when they are expected to be completed by.
Navigating through Tasks
When you are viewing a particular task, you can use the following links for navigation:
- Back to tasks: Go back to the task list view.
- Next task: Displays the next task according to the filtering you selected.
Viewing Task within Submissions Page
Access the task’s associated submission by clicking on View in Submissions.
Expected time to Complete
The deadline for completing tasks are:
- Unblock: 10 business days or less after it is blocked
- Accept: 10 business days or less after it is triaged
- Reward: 7 business days or less after it is accepted
- Disclosure: 90 business days or less after it is requested
After you complete a the task, the next task is automatically displayed. You cannot view a task once it’s been completed, one will need to browse to the related submission to see details.
Help clarify context around a submission by unblocking it.
Click Unblock with Comment.
Add the details and click Unblock.
Approve a submission that was triaged as a unique finding if it’s something your organization will address.
To accept the submission, click Accept and select the status as Unresolved if it has yet to be fixed or Resolved if the fix has already been completed.
If the submission is not something your team intends to fix or doesn’t view the finding as a vulnerability, click Reject and select the appropriate status.
Pay for a researcher’s accepted submission with a reward.
Click Add reward.
Specify the Reward amount and add any notes to the researcher (optional), then one can click Pay.
Approving or Denying Disclosure Requests
All pending disclosures that need to be approved or denied are displayed on the Disclosure tab. Click on a pending disclosure request.
The Review disclosure request page is displayed. Review the draft report on this page.
You can add a summary in the Summary by your organization section and click Save to approval. This will be added if you approve the disclosure request. Also, scroll down to preview the submission details that will be included as part of the disclosure. By default, full details are displayed.
Click Limited to view limited information.
After you review the draft report, scroll back on top and click Review to approve or deny the disclosure request.
The Review disclosure request window is displayed.
To approve the disclosure request, select Approve the summary provided by the researcher and click Approve & Publish disclosure.
The Disclosure report approved message is displayed. Also, the task is completed and you will be redirected to the next task.
To deny the disclosure request, select Deny disclosure of this vulnerability. Provide a reason for denying the disclosure and click Deny disclosure.
The Disclosure report denied message is displayed. Also, the task is completed and you will be redirected to the next task.
It is recommended to approve or deny the disclosure request only after the submission is accepted or rejected.
Clicking View in Submissions redirects you to the submission for which you need to respond to the disclosure request.
Weekly Email Notification for Outstanding Tasks
If you are a Program Owner or Administrator, you can receive a notification email once a week that will help you manage delayed actions such as rewarding, accepting, and resolving blockers for submissions. The notification email include accept, unblock and reward tasks that are outstanding and past our platform SLA to help your organization prioritize.
To enable this beta feature, contact your Account Manager or submit a support ticket through the Bugcrowd Support Portal.
The following image shows a sample email notification.