Program onboarding is a key component to program success. We recently released a Crowdcontrol feature that streamlines credential management for easier researcher onboarding and workflow.
When writing vulnerability reports and submissions, it is vital to be as clear and detailed as possible to help streamline triage, validation, and acceptance. The markdown fields allowed for rich text functionality, making it easy to update and review reports.
Hackers can now delete their connected Payoneer account within Payment Methods.
Hackers are always looking for their next target to dig into. Now with our new program search, this is more flexible and easier than ever before. With new advanced text search and filtering, researchers can search by skill, special reward incentives, as well as programs previously submitted to, some of the many levers Bugcrowd’s expert team uses to invigorate program participation over time. This creates better visibility across all programs and helps customers connect with the right researchers for their program.
We recently released VRT v1.7, with a platform integration planned for the week of March 25th. The release includes but is not limited to the below updates, learn more here.
Researchers’ Payment settings have been moved from Account settings tab into a Payment Methods tab. As well as, updated the payment csv export by date order. Allowing researchers a more simplified view of their payment timeline and submissions.
No longer need to upload large files to external sources, platform now supports 100MB for all file uploads. Allowing customers and researchers to upload larger files than ever before.
With Bugcrowd triage, easily identify who your current primary Application Security Engineer (ASE) is right from your program summary page.
Updated VRT 1.6 includes two major changes: revision to internal SSRF, and how we rate email spoofing, more specifically the baselines around SPF and DMARC.
Improvements to the point reward system have been made to better align expectations between customers and researchers. Qualifying“Won’t Fix” submissions will be rewarded points to recognize the researchers for their hard work, while setting the expectation that the vulnerability is an accepted risk that will not be fixed.Researchers can now download a CSV with remitted payments. Researchers are once again receiving email notifications for VRT or priority updates to their submissions.