The Details tab provides you with the engagement details. You can navigate the brief sections by using On this page.
The engagement brief contains the following sections:
- Overview: The company overview.
- Description: Rules and requirements of the engagement.
- Targets: The targets you can test and their rewards (if applicable).
- Known issues: If applicable, vulnerabilities the company is already aware of.
- What’s new: The recent announcements on the engagement.
- Recent activity: The recent activities on the engagement.
-
Crowd highlights:
- Latest hall of famers
- Recently join this engagement
- Additional information: Any other relevant information about the engagement.
-
Things to know:
- Testing problems
- Engagement rules
- Disclosure
Note: Always review the Engagement Brief before beginning to test. This helps prevent Out of Scope submissions. Reporting a vulnerability against a target not explicitly in scope may result in your report being marked as Out Of Scope, with a penalty of -1 point applied to your profile. If you have any questions about the scope of the engagement, submit a support ticket through the Bugcrowd Support Portal.
Vulnerability Disclosure: When viewing a brief for a Vulnerability Disclosure engagement, a call-out is displayed on the right-side of the page indicating that point rewards are no longer offered. For more information, see how bugcrowd sees vulnerability disclosure programs and points.
Scope and Rewards
In the Targets section on the Engagement brief, it outlines the In scope and Out of scope targets and the reward ranges if the engagement offers monetary rewards.
In scope targets are the locations that you can test and submit vulnerability reports against. Out of scope targets are the locations that you must not test against.
The target and reward specifics include:
- In and Out of scope definitions
- Target details:
- Target name: Name of the target.
- Target URL/Location: A complete URL to access the target.
- Category: The category that best fits the target.
- Tags (optional): The tags indicate the skills and technologies that will be helpful in testing the target.
- Reward ranges (if applicable)
Additionally there are flags to help alert you of changes to scope and rewards. The flags will callout the following:
- Reward increases or decreases
- New targets
- Targets moved into scope or out of scope
Viewing Known Issues
This section provides information on previously reported vulnerabilities for the engagement. This information helps you choose how to concentrate your testing, and focus on other areas that have not been previously reported or do deeper testing on specific areas.
Note: You must be signed into the platform in order to be able to view Known Issues available on Public Engagements.
Engagement Rules
Engagement rules provide the disclosure terms and outline any specific rules that need to be followed for an engagement. If you have questions about the rules, please contact Bugcrowd Support by submitting a support ticket through the Bugcrowd Support Portal.
It may be tempting to share your findings with others, but remember, each engagement has a disclosure policy that you must respect. Many engagements do not want you to share the vulnerabilities that you’ve discovered with the public. Additionally, talking about a private engagement with another researcher who may not have been invited to the engagement is against Bugcrowd’s policies, as it discloses the existence of the engagement.
