Viewing Tasks

Tasks are units of work on the Crowdcontrol platform, each is tied to a task type that defines who needs to complete the work, the actions that can complete it, and the time expected it to be completed in. Every user from our internal staff, researchers and customers have tasks that are expected to be completed by them. This enables ultimately flexibility in our platform workflow while ensuring every task gets tracked and completed to ensure nothing is left behind.

After you log into Crowdcontrol, click the Tasks tab to view all outstanding tasks across your programs.

all-tasks

Filtering

You can click the following sub-tabs to view the tasks based on the task type:

Unblock: Submissions that require clarification to allow Bugcrowd to complete triage.

unblock-tasks

Accept: Triaged submissions to confirm your organization plans to resolve the finding.

accept-tasks

Reward: Accepted submissions that have an expected reward according to the bounty brief.

reward-tasks

Disclosure: Review and approve or deny disclosure requests.

disclosure

You can also use the drop-down list to filter and view the tasks based on a particular program.

tasks-by-program

The tasks are sorted based on when they are expected to be completed by.

sort-deadlines

When you are viewing a particular task, you can use the following links for navigation:

  • Back to tasks: Go back to the task list view.
  • Next task: Displays the next task according to the filtering you selected.

back-to-tasks-next-task

Viewing Task within Submissions Page

Access the task’s associated submission by clicking on View in Submissions.

view-in-submissions

Completing Tasks

Expected time to Complete

The deadline for completing tasks are:

  • Unblock: 10 business days or less after it is blocked
  • Accept: 10 business days or less after it is triaged
  • Reward: 7 business days or less after it is accepted
  • Disclosure: 90 business days or less after it is requested

After you complete a the task, the next task is automatically displayed. You cannot view a task once it’s been completed, one will need to browse to the related submission to see details.

Unblocking Submissions

Help clarify context around a submission by unblocking it.

  1. Click Unblock with Comment.

    unblock-comment

  2. Add the details and click Unblock.

    unblock-comment-box

Reviewing Submissions

Approve a submission that was triaged as a unique finding if it’s something your organization will address.

  1. To accept the submission, click Accept and select the status as Unresolved if it has yet to be fixed or Resolved if the fix has already been completed.

    accept-select-status

  2. If the submission is not something your team intends to fix or doesn’t view the finding as a vulnerability, click Reject and select the appropriate status.

    reject-select-status

Rewarding Submissions

Pay for a researcher’s accepted submission with a reward.

  1. Click Add reward.

    add-reward

  2. Specify the Reward amount and add any notes to the researcher (optional), then one can click Pay.

    pay-reward-amount

Approving or Denying Disclosure Requests

All pending disclosures that need to be approved or denied are displayed on the Disclosure tab. Click on a pending disclosure request.

click-disclosure-requests

The Review disclosure request page is displayed. Review the draft report on this page.

review-disclosure-request

You can add a summary in the Summary by your organization section and click Save to approval. This will be added if you approve the disclosure request. Also, scroll down to preview the submission details that will be included as part of the disclosure. By default, full details are displayed.

preview-full-details

Click Limited to view limited information.

preview-limited-details

After you review the draft report, scroll back on top and click Review to approve or deny the disclosure request.

click-review

The Review disclosure request window is displayed.

To approve the disclosure request, select Approve the summary provided by the researcher and click Approve & Publish disclosure.

approve-disclosure-request

The Disclosure report approved message is displayed. Also, the task is completed and you will be redirected to the next task.

To deny the disclosure request, select Deny disclosure of this vulnerability. Provide a reason for denying the disclosure and click Deny disclosure.

deny-disclosure-request

The Disclosure report denied message is displayed. Also, the task is completed and you will be redirected to the next task.

It is recommended to approve or deny the disclosure request only after the submission is accepted or rejected.

Clicking View in Submissions redirects you to the submission for which you need to respond to the disclosure request.

view-in-submission-disclosure

Weekly Email Notification for Outstanding Tasks

If you are a Program Owner or Administrator, you can receive a notification email once a week that will help you manage delayed actions such as rewarding, accepting, and resolving blockers for submissions. The notification email include accept, unblock and reward tasks that are outstanding and past our platform SLA to help your organization prioritize.

To enable this beta feature, contact your Account Manager or submit a support ticket through the Bugcrowd Support Portal.

The following image shows a sample email notification.

email-notification


Onboarding
Account Management
Security Program Management
Engagement Management
Reporting
Submission Management
Integration Management