The latest VRT release (version 1.5) includes the following updates:
-Improving transparency by adding multiple entries for commonly reported issues
-Aligning the baseline severity rating to best reflect the market by increasing taxonomy granularity
Although rare, customers have made a mistake when rewarding for vulnerabilities and, therefore, adjustments may be needed. Upon the cancelation of a reward, researchers will be notified and informed of the reason for the change. Customers can then award the correct amount.
Recent updates include added usability and control for users. Researchers can now easily filter by and view “Pending Invitations” to programs that have yet to start. Additionally, researchers can also pause and unpause payments as needed. This update has added the ability to configure Crowdcontrol to reflect the user's current time zone – in doing so, things such as submission activity timestamps, and program start times will be reflective of the time zone set.
Significant improvements have been made to increase the speed and efficiency of the submission workflow within Crowdcontrol. Submission blockers have been added to inform users (customers and researcher) when a specific action is required to further assist the vulnerability triage, validation, and fix process. It is now easier to adjust submission data as users can now edit multiple fields at one time. Searching for submissions has been improved with the ability to apply multiple sort criterias to the tokenized search.
Improvements were made to increase the platform’s ease-of-use. Updating submissions are now easier than ever, and identifying Bugcrowd within the activity feed is now simple.
Bugcrowd is excited to announce Bugcrowd University to help educate and empower the Crowd with the latest skills and methodologies.
Advancements have been made to Crowdcontrol to improve its usability. These updates deliver increased functionality built to improve the efficiency of everyday users. For example, tokenized search capabilities have been enhanced for all users to find exactly what they’re looking efficiently and effectively. Additionally, Known Issue Sharing now displays “Won’t Fix” submissions to help researchers avoid spending time on vulnerability types they may be duped against.
A number of improvements have been implemented to Crowdcontrol delivering a more intuitive and effective user experience.
Crowdcontrol makes it easy to identify unusual activity on your account with the Security Event Log, which tracks events such as new sessions or modifications to your credentials. This is available for both customers and researchers.
VRT 1.4 includes general updates/refined classifications along with mappings to Common Weakness Enumeration (CWE) and remediation advice.