Program Performance

On the Insights dashboard, in the Performance section, you can view a snapshot of your program efficiency rating. This helps to identify the average time required for transitioning a submission through the complete workflow (as per the preceding steps).

The following image shows the performance metrics for the three stages in the workflow. Also, it displays the transition time based on severity.

Insights Program Performance

Workflow Integration-Sync Jira Issues with Crowdcontrol: Integrate your application security workflow with bi-directional Jira. Utilizing the Jira integration enables you to automatically create a Jira ticket with a single click on the Crowdcontrol platform. Also, this integration automatically moves a submission from Unresolved to Resolved after closing the associated issue in Jira. For more information about workflow integration with Jira, see Jira.

Triaging Submissions

When researchers submit new submissions, the submissions are in the New state. Bugcrowd’s Security Analysts identify the valid vulnerability submissions and change the state to Triaged. The triaged submissions are transitioned to the security teams.

In the following image, the value in Days in triage indicates the average number of days taken to triage and transition valid vulnerability submission.

Insights Dashboard Performance Days in Triage

Reviewing Submissions

When the security team receives the triaged submission, they review and reconfirm whether the vulnerability is valid and requires a fix. If it requires a fix, then the submission state is changed to Unresolved and transitioned to the development team.

In the following image, the value in the Days in review indicates the average number of days taken for a submission to transition to Unresolved state.

Insights Dashboard Performance Days in Review

Fixing Submissions

When the development team receives an unresolved submission, they fix the vulnerability and the submission is transitioned from Unresolved to Resolved state.

In the following image, the value in the Days to fix indicates the average number of days taken for a submission to transition to Resolved state.

Insights Dashboard Performance Days to Fix

Transition Time Based on Severity

The Transition times by severity section shows the average time taken for submissions to transition through the workflow based on the vulnerabilities’ technical severity.

Insights Dashboard Performance Days Transition Time Severity


Onboarding
Account Management
Security Program Management
Engagement Management
Reporting
Submission Management
Integration Management