Hackers can now delete their connected Payoneer account within Payment Methods.
Hackers are always looking for their next target to dig into. Now with our new program search, this is more flexible and easier than ever before. With new advanced text search and filtering, researchers can search by skill, special reward incentives, as well as programs previously submitted to, some of the many levers Bugcrowd’s expert team uses to invigorate program participation over time. This creates better visibility across all programs and helps customers connect with the right researchers for their program.
We recently released VRT v1.7, with a platform integration planned for the week of March 25th. The release includes but is not limited to the below updates, learn more here.
Researchers’ Payment settings have been moved from Account settings tab into a Payment Methods tab. As well as, updated the payment csv export by date order. Allowing researchers a more simplified view of their payment timeline and submissions.
No longer need to upload large files to external sources, platform now supports 100MB for all file uploads. Allowing customers and researchers to upload larger files than ever before.
With Bugcrowd triage, easily identify who your current primary Application Security Engineer (ASE) is right from your program summary page.
Updated VRT 1.6 includes two major changes: revision to internal SSRF, and how we rate email spoofing, more specifically the baselines around SPF and DMARC.
Improvements to the point reward system have been made to better align expectations between customers and researchers. Qualifying“Won’t Fix” submissions will be rewarded points to recognize the researchers for their hard work, while setting the expectation that the vulnerability is an accepted risk that will not be fixed.Researchers can now download a CSV with remitted payments. Researchers are once again receiving email notifications for VRT or priority updates to their submissions.
The latest VRT release (version 1.5) includes the following updates:
-Improving transparency by adding multiple entries for commonly reported issues
-Aligning the baseline severity rating to best reflect the market by increasing taxonomy granularity
Although rare, customers have made a mistake when rewarding for vulnerabilities and, therefore, adjustments may be needed. Upon the cancelation of a reward, researchers will be notified and informed of the reason for the change. Customers can then award the correct amount.