Submission Limit

Submission Limit

To protect triage capacity and prioritize high-signal research, Bugcrowd implements submission limits for accounts with limited historical performance. These measures are designed to reinforce accountability and ensure that high-quality, validated findings receive the attention and speed they deserve.

Scope & Eligibility

This policy is designed to encourage growth and quality within the researcher community.

  • This applies to Managed Bug Bounty (MBB) engagements only. Vulnerability Disclosure Programs (VDPs) and Pen Tests are currently excluded from these limits.
  • Accounts with a proven track record of quality submissions and performance are exempt from these limits.

Accounts meeting the performance criteria are limited to 5 simultaneous pending submissions on Managed Bug Bounty (MBB) programs.

  • Only submissions in Open states (New or Triaged) count toward this limit.
  • Submissions marked as Unresolved, Resolved, Informational, Out of Scope, Not Reproducible, or Not Applicable do not count toward your limit.
  • Once a pending submission is moved to a non-open state (e.g., Resolved), a submission slot immediately opens up for a new report.

Alerts

To help you track these limits, the platform provides informative warnings and blocking alerts directly on the submission page.

Tips for Success

If you reach the submission limit, the most effective way to restore your submission ability is to focus on the quality and validation of your research rather than the volume of reports.

  • While limited on MBBs, you can still submit to Vulnerability Disclosure Programs (VDPs) to improve your account performance.
  • As active reports are moved out of Open states, you will be able to submit more until you reach the limit again.

FAQs

1. What is the submission limit?

Accounts subject to this policy are limited to 5 simultaneous pending submissions on Managed Bug Bounty (MBB) programs at any given time.

2. Can I replace one of my submissions pending for another?

No you cannot replace a pending submission. VDPs will still be accepting submissions to help with performance.

3. Does this limit apply to my account?

The limit applies to accounts with limited historical performance. Accounts with a proven track record of quality and impactful submissions are exempt.

4. Which programs does this limit apply to?

The limit applies to Managed Bug Bounty (MBB) programs only. Vulnerability Disclosure Programs (VDPs) and Pen Tests are excluded.

5. Which submission states count toward my limit?

Only submissions in open states — New or Triaged — count toward your limit.

6. Which submission states do NOT count toward my limit?

Submissions marked as Unresolved, Resolved, Informational, Out of Scope, Not Reproducible, or Not Applicable do not count.

7. What happens when one of my submissions moves out of an open state?

A submission slot immediately becomes available, allowing you to submit a new report.

8. How will I know if I am approaching or have reached my limit?

The platform displays informative warnings and blocking alerts directly on the submission page.

9. What can I do if I’ve reached my submission limit?

You can continue submitting to VDPs, which are not subject to this limit, to help improve your account performance. Focusing on the quality and relevance (In Scope) of submissions considering the engagement you’re submitting to, including its Brief and Targets.

Account Management Expand to see sub-pages
Disclosure Expand to see sub-pages
Engagement Brief Expand to see sub-pages
Engagement Management Expand to see sub-pages
Invites Expand to see sub-pages
Onboarding Expand to see sub-pages
Security Program Management Expand to see sub-pages
Receiving Rewards Expand to see sub-pages
Submission Management Expand to see sub-pages
Visit bugcrowd.com