Subscribe to researcher specific updates at https://docs.bugcrowd.com/feed/changelogs/researcher.xml.
Dec 7th, 2022
Oct 24th, 2022
Apr 16th, 2021
Introduced a variant for OAuth Accounting Squatting classified as a P4
Secure Code Warrior developed a VRT mapping to their developer training
Extended support for Automotive categorization, developed in collaboration with Stellantis.
Downgraded all Flash-based entries to a rating of P5
Improved existing remediation advice for a number of entries
Simplified Weak Login Function entries with a baseline severity rating of P4
Mar 3rd, 2020
Dec 19th, 2019
Dec 19th, 2019
Nov 5th, 2019
Oct 11th, 2019
Jul 24th, 2019
May 7th, 2019
Mar 14th, 2019
Automative Security Misconfiguration category
Sensitive Data Exposure > Weak Password Reset Implementation > Token Leakage via Host Header Poisoning as a new P2 variant, which is consistent with how this issue has been triaged by Bugcrowd’s Application Security Engineers so far.
Two new P4’s related to 2FA Secret Management
Remediation Advice links to latest OWASP Documentation
Feb 16th, 2019
Tokenized date search
Dec 17th, 2018
Platform supports 100MB for all file uploads
Oct 30th, 2018
Sep 24th, 2018
Sep 19th, 2018
Aug 15th, 2018
Identify Bugcrowd employees in activity feeds with a new icon identifier
Jul 3rd, 2018
updatedlabel on the Programs page, to highlight recently updated programs.
Bugcrowd ninja forwarding now includes the
toemail address to allow sub-domains.
Quick links panel in Researcher dashboard
Leveraging program or user images for unfurling
Use Crowdcontrol on the go, now with a responsive navigation bar.
Notifications show below the customer state dropdown, so you can quickly change states, without needing to dismiss.
Jul 2nd, 2018
Apr 17th, 2018
Remove timeout, instead using re-authentication prompts.
Interactive Session Management UI
Feb 15th, 2018
Search by Custom Fields with the Submission Search Bar
Search result number count when using the Submission Search Bar
Insights filter toggle - offering a clean display for sharing data on TVs
Page design refreshes on the ID Verification and Payment Method Configuration pages
Jan 17th, 2018
Program performance metric to Program Page (Time to Validation)