- Requesting Disclosure
- Adding Disclosure Summary
- Selecting Disclosure Level
- Submitting Disclosure Request
- Editing Submitted Disclosure Request
- Cancelling Submitted Disclosure Request
- Viewing Approved or Denied Message from Program Owner
Submission reports that have been approved for Coordinated Disclosure can be shared externally. In addition, disclosed reports are visible to the public in CrowdStream and contain a summary that you and the Program Owner have provided; this disclosure summary includes information such as program name, submission title, reward amount, VRT priority, and a timeline of activity in this submission.
You can request a disclosure only if the Program Owner has enabled disclosure in CrowdStream setting. By default, the Coordinated disclosure option is enabled. For more information, see enabling disclosed submissions in CrowdStream
It is recommended to submit disclosure request for resolved vulnerabilities.
When you create, update or cancel the disclosure request, the Program Owner is notified. The Program Owner may choose to request changes to your summary, decrease your preferred disclosure level or deny disclosure. When the disclosure request is approved or denied, you will be notified and the Disclosure request section in the submission displays the notification message.
Go to Submissions tab, click the submission for which you want to disclose the report, and click Request disclosure. Make sure to read the public disclosure policy.
Adding Disclosure Summary
In Disclosure summary, provide the details of your submission. You can style your text using the Markdown syntax. For more information, see using markdown for formatting content.
Selecting Disclosure Level
In Disclosure level, select one of the following options:
- Full visibility: Full report details are visible to the public. It includes vulnerability information, summary, and complete timeline (comments and attachments).
- Limited visibility: Summary and timeline with comments are visible to the public.
Submitting Disclosure Request
After providing the disclosure summary and selecting the disclosure level, click Submit request.
The Disclosure request submitted message is displayed. The status of the disclosure is changed to Pending review. A notification is sent to the program owner to approve the request.
After the program owner approves the disclosure request, the submission will be displayed in CrowdStream activity feed.
The following image shows a disclosed submission in CrowdStream. The user name and the reward amount is displayed based on your CrowdStream settings. For more information about CrowdStream settings, see setting CrowdStream visibility options.
Editing Submitted Disclosure Request
Before approving your request, Program Owners may request changes to your summary or you may want to update the summary and resend the request.
To edit the submitted disclosure request, click Edit summary.
Update the Disclosure summary and select the Disclosure level (if required) and click Save summary.
The Disclosure request updated message is displayed. A notification is sent to the Program Owner.
Cancelling Submitted Disclosure Request
To cancel a submitted disclosure request, click Cancel request as shown.
The following pop-up message is displayed. Click Cancel request.
The Disclosure request cancelled message is displayed. Also, the message as shown in the following image is displayed for the submission.
Viewing Approved or Denied Message from Program Owner
When the Program Owner approves the disclosure request, the following message is displayed in the Disclosure request section of the submission.
You can click View disclosed report to view the submission report that is published. The following screenshot shows a disclosed report with full visibility.
The following screenshot shows a disclosed report with limited visibility.
When the Program Owner denies the the disclosure request, the following message is displayed in the Disclosure request section of the submission.