Program Summary Report
The Program Summary Report provides information about the performance of your bounty or vulnerability disclosure program. If you are running an ongoing program, the Program Summary Report provides the information you need to find key data points and trends, so that you can assess the success and value of your program. The Program Summary Report is generated as a PDF file to enable sharing the performance metrics with stakeholders in your organization.
Program Report for On-Demand Programs: You can generate the Program Summary Reports for ongoing programs only. For on-demand programs, Bugcrowd generates the Program Summary Report and delivers it to you at the end of your program.
The Program Summary Report includes the following sections:
- Executive Summary: Provides a brief synopsis of the contents and purpose of the report.
- Reporting Methodology: Describes the diversity of testing methodologies used during the test.
- Targets and Scope: Provides information about the tested targets and the Bugcrowd team members assigned to the program.
- Findings Summary: Consists of the following sub-sections:
- Findings by Severity: Includes a graph that provides a high-level view of all valid assessment findings from the program based on technical severity.
- Risk and Priority Key: Provides detailed understanding of Bugcrowd’s Vulnerability Rating Taxonomy (VRT).
- Findings Table: Provides an overview of all valid submissions for the program.
- Vulnerability Details: Provides complete data for each valid submission.
- Appendix: Consists of the following sub-sections:
- Submissions Over Time: Includes a bar graph that shows the number of submissions received and validated over a period of time.
- Submissions Signal: Provides the number of valid, invalid, and duplicate submissions. Also, shows the submissions that are being processed.
- Bug Types Overview: Includes a pie chart view of valid submissions received based on the vulnerability type and Vulnerability Rating Taxonomy.
- Spendings of Program Reward Pool: Provides a high-level overview of rewards paid to the researchers.
- Top 3 Highest Paid Submissions: Provides the title, the link, and the amount rewarded for the top three paid submissions.
- Closing Statement: Provides a final recount of your program.
When you build the Program Summary Report, you can select the sections you want to include or exclude in the report.
Program Health and Spend Report
The Program Health and Spend Report provides an insight into your program spend, and aims to show the Return On Investment (ROI) of your crowdsourced security program. The intended audience for this report is the broader security team and other stakeholders, who may not be aware of day-to-day program operations, but want a quick overview of the program health. The Program Health and Spend Report is generated as a PDF file.
The Program Health and Spend Report includes the following sections:
- Executive Summary: Provides the purpose of the report.
- Program Performance: Provides information about the number of accepted submissions, number of valid submissions received based on severity, or priority level, and the researcher payment time.
- Your Investment: Shows the reward expenditure and the teams’ time spent on the platform and the response time to submissions.
- Bugcrowd’s Role: Provides a breakdown of Bugcrowd’s role in making sure your program’s success. The chosen measure is the response time.
Security Posture Report
The Security Posture Report provides information about the type, severity, the number of vulnerabilities received, your team’s ability to quickly act, and learn from findings. This report helps in identifying trends in response and resolution times, and changes to the received vulnerabilities. Based on industry benchmarks, you can quickly map your progress compared to industry peers. The report is generated as a PDF file.
The Security Posture Report includes the following sections:
- Executive Summary: Provides the purpose of the report and summarizes the report details.
- Resolution Trend: Includes a graph that shows how quickly your organization is resolving submissions. It shows the time taken between acceptance and resolution for submissions.
- Opportunities: Provides information about how your organization is performing compared to the peers in your industry. Based on this information along with an understanding of unique industry trends, Bugcrowd may recommend actions that can help to improve submission volume.
- Security Posture: Provides information about the following:
- Number of open vulnerabilities for your program.
- Targets in your program that have the most submissions.
- Targets that require additional attention from your team.
- Submissions: Provides details of valid submissions for your program for the last 30 days.
Creating a Report
-
Go to the Reports tab and then click the tab for the type of report you want to generate. For example, to generate Security Posture Report, click the Security Posture Report tab.
-
Click Create new report.
- Provide the following information:
- Report title: Title for the report.
- Bounty name: Program name for which you are generating the report.
In case of Program Summary Report, you can select any of the following sections to include in your report:
- Table of contents: Includes table of contents.
- Target list: Includes the tested targets tested and the Bugcrowd team members assigned to the program.
- Default executive summary: Includes a brief synopsis of the contents and purpose of the report
- Submissions index: Includes the Findings Table that provides an overview of all valid submissions for the program.
- Full vulnerability details: Includes the Vulnerability Details section that provides complete data for each valid submission.
- Program reward details: Includes the following:
- Spendings of Program Reward Pool: Provides a high-level overview of rewards paid to the researchers
- Top 3 Highest Paid Submissions: Provides the title, link, and the amount rewarded for the top 3 highest paid submissions.
-
Click Generate report.
The You will receive an email to download the PDF report as soon as possible message is displayed.
Viewing Report
In the email you have received from Bugcrowd, click View Report.
The report (in PDF format) opens in a browser and you can download the file.
You can also click the report title to view the report.
The report title link is active only after the PDF report is generated.
Deleting a Report
Click Delete for the report you want to delete.
The Report deleted message is displayed.