Researcher Changelog

Stay in the loop on the latest for Researchers

Subscribe to researcher specific updates at

Jul 16th, 2024
Jul 2nd, 2024
Jun 18th, 2024
May 7th, 2024
Apr 10th, 2024
Dec 18th, 2023
Nov 27th, 2023
Oct 12th, 2023
Sep 6th, 2023
Aug 17th, 2023
May 2nd, 2023
Apr 5th, 2023
Mar 30th, 2023
Mar 16th, 2023
Dec 7th, 2022
Oct 24th, 2022
Sep 8th, 2022
Aug 4th, 2022
Jan 7th, 2022
Apr 16th, 2021

Updated with VRT 1.10

  • Introduced a variant for OAuth Accounting Squatting classified as a P4

  • Secure Code Warrior developed a VRT mapping to their developer training

  • Improved
  • Extended support for Automotive categorization, developed in collaboration with Stellantis.

  • Downgraded all Flash-based entries to a rating of P5

  • Improved existing remediation advice for a number of entries

  • Simplified Weak Login Function entries with a baseline severity rating of P4

Sep 16th, 2020
Sep 15th, 2020
Sep 12th, 2020
Jun 18th, 2020
Apr 3rd, 2020
Mar 3rd, 2020
Dec 19th, 2019
Dec 19th, 2019
Nov 5th, 2019
Oct 11th, 2019
Aug 2nd, 2019
Jul 24th, 2019
Jun 17th, 2019
May 7th, 2019
Apr 11th, 2019
Apr 1st, 2019
Mar 14th, 2019

Updating to VRT 1.7

  • Automative Security Misconfiguration category

  • Sensitive Data Exposure > Weak Password Reset Implementation > Token Leakage via Host Header Poisoning as a new P2 variant, which is consistent with how this issue has been triaged by Bugcrowd’s Application Security Engineers so far.

  • Two new P4’s related to 2FA Secret Management

  • Improved
  • Remediation Advice links to latest OWASP Documentation

Feb 16th, 2019

Comparison Operators for Dates

  • Tokenized date search

Dec 17th, 2018
Dec 17th, 2018

File Support Update

  • Platform supports 100MB for all file uploads

Nov 2nd, 2018
Oct 30th, 2018
Oct 26th, 2018
Sep 24th, 2018
Sep 19th, 2018
Sep 18th, 2018
Aug 15th, 2018

Improved identification of Bugcrowd

  • Identify Bugcrowd employees in activity feeds with a new icon identifier

Aug 7th, 2018
Jul 10th, 2018
Jul 3rd, 2018

Advanced Crowdcontrol UX

  • Unique Avatars

  • updated label on the Programs page, to highlight recently updated programs.

  • Bugcrowd ninja forwarding now includes the to email address to allow sub-domains.

  • Quick links panel in Researcher dashboard

  • Leveraging program or user images for unfurling

  • Improved
  • Use Crowdcontrol on the go, now with a responsive navigation bar.

  • Notifications show below the customer state dropdown, so you can quickly change states, without needing to dismiss.

Jul 2nd, 2018
Jun 19th, 2018

Updating to VRT 1.4

Apr 17th, 2018

Heightened Platform Security and Usability

  • Remove timeout, instead using re-authentication prompts.

  • Interactive Session Management UI

Apr 16th, 2018
Feb 15th, 2018

New Crowdcontrol Enhancements Add Improved Platform Efficiencies

  • Search by Custom Fields with the Submission Search Bar

  • Search result number count when using the Submission Search Bar

  • Insights filter toggle - offering a clean display for sharing data on TVs

  • Improved
  • Page design refreshes on the ID Verification and Payment Method Configuration pages

Jan 17th, 2018

Improved Program Performance Tracking and Platform Efficiency

Dec 21st, 2017
Nov 21st, 2017

New Submission Search Bar and Filtering

  • Advanced submission filtering is live

  • Improved
  • Text search within Crowdcontrol is now more accurate in filtering for exactly what you search for, no longer trying to handle misspellings.

Oct 4th, 2017

Introducing VRT 1.3

  • VRT v1.3 is shipped

Jul 26th, 2017

VRT Goes Open Source

  • VRT gem is now open sourced