You can have shared access to a submission as collaborators, allowing all collaborators to view, comment, upload files to a submission, and split the monetary and point rewards. Collaborating with other researchers can help you increase your skills, and by working as a team you may be able to find new vulnerabilities and write more impactful submissions for greater rewards.
You can view the researchers with whom you can collaborate with on the Program Brief page or on the Submission Details page. The Program brief shows people you are friends with who have interacted with the program and does not display the full list of people you could collaborate with.
- Public programs display a list of friends you can collaborate with, who have interacted with this program.
- Private programs display a list of friends who are also invited, and with whom you can collaborate
If you cannot collaborate with others, Solo-Only is displayed on the Program Brief page.
To collaborate on a submission:
Click Submit Report at the top of the bounty page.
When specifying the vulnerability details, click Add Collaborator to add the researchers with whom you want to collaborate.
Click the drop-down menu, select a friend with whom you want to collaborate. You can look up researchers based on their Bugcrowd usernames and add up to 10 collaborators for a single submission. If a researcher has blocked you, or has set their collaboration privacy filter to “only friends” and doesn’t have you added as a friend, you will not be able to invite them to collaborate.
Click on the red trash can to delete a collaborator.
Collaborators and rewards are not adjustable after submitting: Once the submission is submitted, collaboration fields are frozen and cannot be edited. If there are issues, submit a support ticket through the Bugcrowd Support Portal.
The reward can be split among all the collaborators based on percentage. The total percentage across all collaborators must equal 100%.
An error message is displayed if the percentages do not add up to 100%.
Once collaborators are added and the reward percentages are set and if you have completed all the other areas of your submission report, click Report vulnerability.
An email notification will be sent to all collaborators to notify them that they have been invited to collaborate on a submission.
In your collaborative submissions, you can view your rewards split based on the pre-determined percentages.