On the Insights dashboard, in the Performance section, you can view a snapshot of your program efficiency rating. This helps to identify the average time required for transitioning a submission through the complete workflow (as per the preceding steps).
The following image shows the performance metrics for the three stages in the workflow. Also, it displays the transition time based on severity.
Workflow Integration - Sync Jira Issues with Crowdcontrol: Integrate your application security workflow with bi-directional Jira. The Jira integration lets you automatically create a Jira ticket with a single click on the Crowdcontrol platform. This integration also automatically moves a submission to Resolved after the associated issue is closed in Jira. For more information about workflow integration with Jira, see Jira.
When researchers submit new submissions, the submissions are in the New state. Bugcrowd’s Security Analysts identify the valid vulnerability submissions and change the state to Triaged. The triaged submissions are transitioned to the security teams.
In the following image, the value in Days in triage indicates the average number of days taken to triage and transition a valid vulnerability submission.
When the security team receives the triaged submission, they review and reconfirm whether the vulnerability is valid and requires a fix. If it requires a fix, then the submission state is changed to Unresolved and transitioned to the development team.
In the following image, the value in Days in review indicates the average number of days taken for a submission to transition to the Unresolved state.
When the development team receives an unresolved submission, they fix the vulnerability and the submission is transitioned from the Unresolved state to the Resolved state.
In the following image, the value in Days to fix indicates the average number of days taken for a submission to transition to the Resolved state.
Transition Time Based on Severity
The Transition times by severity section shows the average time taken for submissions to transition through the workflow based on the vulnerabilities’ technical severity.
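To cross-check these figures against your own records, the sketch below computes the three stage averages and the per-severity breakdown from state-entry dates. It is an added example, not Bugcrowd code: the record layout, the sample submissions and the numeric severity values are constructed, and counting only completed transitions is an assumption, since the page does not say how open submissions are treated.

```python
from collections import defaultdict
from datetime import datetime

# Workflow stages as the page defines them: (metric name, from state, to state).
STAGES = [
    ("days_in_triage", "New", "Triaged"),
    ("days_in_review", "Triaged", "Unresolved"),
    ("days_to_fix", "Unresolved", "Resolved"),
]

# Constructed sample data (hypothetical layout, not a Bugcrowd export format):
# each submission has a severity and the date on which it entered each state.
SUBMISSIONS = [
    {"severity": 1, "entered": {"New": "2024-03-01", "Triaged": "2024-03-02",
                                "Unresolved": "2024-03-04", "Resolved": "2024-03-09"}},
    {"severity": 1, "entered": {"New": "2024-03-03", "Triaged": "2024-03-06",
                                "Unresolved": "2024-03-07"}},  # not fixed yet
    {"severity": 3, "entered": {"New": "2024-03-05", "Triaged": "2024-03-10",
                                "Unresolved": "2024-03-14", "Resolved": "2024-04-03"}},
    {"severity": 3, "entered": {"New": "2024-03-08"}},  # still awaiting triage
]

def _days(start, end):
    """Elapsed days between two YYYY-MM-DD dates."""
    fmt = "%Y-%m-%d"
    delta = datetime.strptime(end, fmt) - datetime.strptime(start, fmt)
    return delta.total_seconds() / 86400

def stage_durations(sub):
    """Days spent in each stage that this submission has completed."""
    entered = sub["entered"]
    return {name: _days(entered[a], entered[b])
            for name, a, b in STAGES if a in entered and b in entered}

def average_transition_times(subs, by_severity=False):
    """Average days per stage, overall or keyed by severity."""
    buckets = defaultdict(lambda: defaultdict(list))
    for sub in subs:
        key = sub["severity"] if by_severity else "all"
        for name, days in stage_durations(sub).items():
            buckets[key][name].append(days)
    result = {k: {n: sum(v) / len(v) for n, v in stages.items()}
              for k, stages in buckets.items()}
    return result if by_severity else result.get("all", {})

if __name__ == "__main__":
    print(average_transition_times(SUBMISSIONS))
    print(average_transition_times(SUBMISSIONS, by_severity=True))
```

A submission that has not yet left a stage contributes nothing to that stage's average here, so a growing backlog does not show up in these numbers until the items move.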