- Requesting Disclosure
- Adding Message for Customer
- Adding Disclosure Summary
- Selecting Disclosure Level
- Submitting Disclosure Request
- Editing Submitted Disclosure Request
- Cancelling Submitted Disclosure Request
- Viewing Approved or Denied Message from Program Owner
Submission reports that have been approved for Coordinated Disclosure can be shared externally. In addition, disclosed reports are visible to the public in CrowdStream and contain a summary that you and the Program Owner have provided; this disclosure summary includes information such as program name, submission title, reward amount, VRT priority, and a timeline of activity in this submission.
You can request a disclosure only if the Program Owner has enabled disclosure in CrowdStream setting. For more information on configuration, see enabling disclosed submissions in CrowdStream.
When you disclose a submission publicly, your profile photo (avatar) from your private profile will also be revealed along with your username.
It is recommended to submit disclosure request for resolved vulnerabilities.
When you create, update or cancel the disclosure request, the Program Owner is notified. The Program Owner may choose to request changes to your summary, decrease your preferred disclosure level or deny disclosure. When the disclosure request is approved or denied, you will be notified and the Disclosure request section in the submission displays the notification message.
Go to Submissions tab, click the submission for which you want to disclose the report, and click Request disclosure. Make sure to read the public disclosure policy.
Adding Message for Customer
In Message to customer, provide a reason for the disclosure request. This message will not be visible to the general public if you are given the permission to disclose this report. You can style your text using the Markdown syntax. For more information, see using markdown for formatting content
Adding Disclosure Summary
In Summary to be published, provide the details of your submission. This message will be visible to the general public if you are given the permission to disclose this report.
You can style your text using the Markdown syntax. For more information, see using markdown for formatting content.
Selecting Disclosure Level
In Disclosure level, select one of the following options:
- Full visibility: Full report details are visible to the public. It includes vulnerability information, summary, and complete timeline (comments and attachments).
- Limited visibility: Summary and timeline with comments are visible to the public.
Submitting Disclosure Request
After providing the disclosure summary and selecting the disclosure level, click Submit request.
The Disclosure request submitted message is displayed. The status of the disclosure is changed to Pending review. A notification is sent to the program owner to approve the request.
After the program owner approves the disclosure request, the submission will be displayed in CrowdStream activity feed.
The following image shows a disclosed submission in CrowdStream. The user name and the reward amount is displayed based on your CrowdStream settings. For more information about CrowdStream settings, see setting CrowdStream visibility options.
Editing Submitted Disclosure Request
Before approving your request, Program Owners may request changes to your summary or you may want to update the summary and resend the request.
To edit the submitted disclosure request, click Edit summary.
You can update Message to customer and Summary to be published sections and click Save summary. You cannot change the Disclosure level.
The Disclosure request updated message is displayed. A notification is sent to the Program Owner.
Cancelling Submitted Disclosure Request
To cancel a submitted disclosure request, click Cancel disclosure request as shown.
The following pop-up message is displayed. Click Cancel request.
The Disclosure request cancelled message is displayed. Also, the message as shown in the following image is displayed for the submission.
Viewing Approved or Denied Message from Program Owner
When the Program Owner approves the disclosure request, the following message is displayed in the Disclosure request section of the submission.
You can click View disclosed report to view the submission report that is published. The following screenshot shows a disclosed report with full visibility.
The following screenshot shows a disclosed report with limited visibility.
When the Program Owner denies the the disclosure request, the following message is displayed in the Disclosure request section of the submission.