The Program Report provides you with clear insight into how your bounty or vulnerability disclosure program is performing. It is a PDF report that enables you to easily share performance metrics with stakeholders in your organization and to provide your customers and auditors with the information they need to understand your compliance posture. If you are running an ongoing program, the Program Report gives you the information you need to find key data points and trends, so you can assess the success and value of your program.
Program Report for On-Demand Programs
Program Reports can only be generated by customers with ongoing programs. If you are running an on-demand program, Bugcrowd will continue to generate the Program Report and deliver it to you at the end of your program.
To help you quickly find the information you care most about, the Program Report includes the following sections:
- Executive Summary - provides a brief synopsis of the contents and purpose of the report.
- Reporting Methodology - describes the diversity of testing methodologies used during the test.
- Targets and Scope - identifies the targets tested and states the Bugcrowd team members assigned to the program.
- Findings Summary - this section consists of the following sub-sections:
- Findings by Severity - a graph providing a high-level view of all valid assessment findings from the program by technical severity.
- Risk and Priority Key - an explanation of Bugcrowd's Vulnerability Rating Taxonomy (VRT) that clarifies how vulnerabilities are rated.
- Findings Table - an overview of all valid findings on the program.
- Vulnerability Details - full submission data for each valid finding.
- Appendix - distills submissions data into the following sub-sections:
- Submissions Over Time - a bar graph showing the number of submissions received and validated over a period of time.
- Submissions Signal - a detailed breakdown of submissions identifying the number of valid, invalid, duplicate, and processing vulnerabilities, giving you a view of the program's signal.
- Bug Types Overview - a pie chart view of valid submissions received by the vulnerability type, based on the Vulnerability Rating Taxonomy.
- Spendings of Program Reward Pool - a high-level overview of rewards paid out to the researchers.
- Top 3 Highest Paid Submissions - the title, the link, and the amount rewarded for the top 3 highest paid submissions.
- Closing Statement - provides a final recount of your program.
When you build your report, you can select the sections you want to include or exclude.
To generate a Program Report, go to the Insights page and click the Program Report tab. This page displays all of your generated reports.
When the Report Options window appears, provide a name for the report, specify a date range, and choose the sections you want to include in the report.
Report Options include:
- Report Title - type in the name of your report.
- Submitted At - use the drop-down arrow to select a specified date range for the Program Report.
- Targets and Scope - check the box to include the Targets and Scope section that shows the targets tested and states the Bugcrowd team members assigned to the program.
- Submission Inbox - check the box to include the Findings Table, an overview of all valid findings on the program.
- Full Vulnerability Details - check the box to include the Vulnerability Details section that shows full submission data for each valid finding.
- Program Reward Details - check the box to include the Spendings of Program Reward Pool, a high-level overview of rewards paid out to the researchers, and the Top 3 Highest Paid Submissions, which provides the title, the link, and the amount rewarded for the top 3 highest paid submissions.
When you are ready to build the report, click the Generate Report button.