Following the Code of Conduct

The Bugcrowd code of conduct is one of the most important resources on Bugcrowd’s platform and provides guidelines to follow as a Researcher to successfully keep to a professional path. It is mandatory that you adhere to the code of conduct when working on a bounty or engaging with our community.

What happens if I behave incorrectly

Depending on the context and severity of the incident, consequences can range from educational coaching to temporary or permanent loss of platform privileges. All decisions are private matters between the Bugcrowd team and the Researchers(s) involved.

How are reported incidents reviewed

Bugcrowd team members review all reported circumstances, for context and severity. This may include conversations with all parties involved (Researcher, Program Owner or other Bugcrowd Team members) as well as screenshots, links or prior enforcement history.

If the incident under review is determined to be in violation of the Code of Conduct or Standard Disclosure Terms, the Bugcrowd team determines the appropriate response and messages the Researchers and/or Program Owners accordingly. This can range from educational messaging to either a Researcher (or a Program Owner!) to provide best practices and can escalate to a formal and permanent removal from the Bugcrowd platform.

There is an opportunity to discuss the final decision by submitting a support ticket through the Bugcrowd Support Portal, if warranted.

Platform Behavior Standards

The Platform Behavior Standards help you better understand unacceptable issues and behaviors on the Bugcrowd platform, and measures that are taken when we become aware of an incident. Each behavior type has an associated severity value. Based on the severity value of the researcher violating the code of conduct, enforcement actions are applied. For information about the behavior types, severity values, and the enforcement actions, see Platform Behavior Standards section in code of conduct.

Each researcher starts at 0 behavior points. If an incident occurs that is a violation of the code of conduct, then points are increased based on the severity. If you reach 5 points, you are removed from the platform for a certain period of time.

A few enforceable areas include (but not limited to) the following:

  • Unprofessional conduct

    • Disruptive behaviour/testing
    • Aggressive and/or Abusive behaviour
    • Abuse of reward systems within Bugcrowd
  • Disclosure

    • Disclosure Threat
    • Unauthorized Disclosure of a Private Bounty and/or
    • Unauthorized Disclosure of a Submission’s vulnerability content