Following the Code of Conduct

The Bugcrowd Code of Conduct is one of the most important resources on Bugcrowd’s platform. It provides the guidelines a Researcher follows to stay on a professional path. You must adhere to the Code of Conduct when working on a bounty or engaging with our community.

Enforceable areas include (but are not limited to):

  • UNPROFESSIONAL CONDUCT

    • Disruptive behaviour/testing
    • Aggressive and/or Abusive behaviour
    • Abuse of reward systems within Bugcrowd
  • DISCLOSURE

    • Disclosure Threat
    • Unauthorized Disclosure of a Private Bounty and/or
    • Unauthorized Disclosure of a Submission’s vulnerability content

What happens if I behave incorrectly?

Depending on the context and severity of the incident, consequences can range from educational coaching to temporary or permanent loss of platform privileges. All decisions are private matters between the Bugcrowd team and the Researcher(s) involved.

How are reported incidents reviewed?

Bugcrowd team members review all reported circumstances for context and severity. This may include conversations with all parties involved (Researcher, Program Owner or other Bugcrowd team members) as well as screenshots, links or prior enforcement history.

If the incident under review is determined to be in violation of the Code of Conduct or Standard Disclosure Terms, the Bugcrowd team determines the appropriate response and messages the Researchers and/or Program Owners accordingly. The response can range from educational messaging that provides best practices to a Researcher (or a Program Owner!) and can escalate to a formal and permanent removal from the Bugcrowd platform.

There is an opportunity to discuss the final decision through support@bugcrowd.com, if warranted.

