The researcher Dashboard provides your profile details and an insight about your performance across all programs. It displays performance metrics that you can utilize to help you understand the necessary performance adjustments required to attain personal goals and achieve Bugcrowd accolades.
You can perform the following:
- Set your profile as public or private
- Verify your identity
- View the following information for your profile:
You can set your profile's visibility as private or public. By default, it is set as public. For information to set your profile visibility, see setting your profile’s visibility.
To verify your identity, click Verify your identity. For more information, see verifying your identity.
Your location is displayed below your name.
Your Bugcrowd rank reflects your overall position in the crowd. Your rank is determined based on the total number of points you have earned for valid submissions compared to other researchers. The more points you have, the higher your rank.
The following image displays the all-time points and the current rank.
Badges are visual tokens of achievement for the valid vulnerabilities that you have submitted. The achievement badges are displayed in the Achievements section in your profile. For more information, see viewing achievement badges.
The Performance Stats section provides the performance metrics for your submissions on the Crowdcontrol platform. You can track your performance over time or within a certain time frame such as last 90 days. The All time metrics are displayed by default. Click the Last 90 days tab to view the performance metrics for the last 90 days.
The performance statistics include:
- Number of vulnerabilities you have submitted
- Accuracy of your submissions
- Average severity of the submitted vulnerabilities
The Vulnerabilities section indicates the total number of valid submissions that are marked as Unresolved, Resolved, Duplicate, or Won't Fix.
The Accuracy section indicates the percentage of submissions that are valid. It measures your ability to consistently submit valid vulnerabilities.
Accuracy is calculated by dividing your total number of valid vulnerabilities submitted over your total number of submissions. Valid submissions include Unresolved, Resolved, Duplicate, or Won't Fix.
The Average Severity section indicates your ability to submit high technical severity vulnerabilities. It is measured by adding the total number of submissions by its technical severity, based on a scale from 1 to 4 and dividing that number by total valid submissions.
- 1 represents P1 (most critical vulnerability)
- 2 represents P2
- 3 represents P3
- 4 represents P4 (lowest critical vulnerability)
P1 = 2, P2 = 0, P3 = 3, and P4 = 4
Total number of submissions based on technical severity = 1+1+3+3+3+4+4+4+4 = 28
Total number of valid submissions = 9
Average technical severity = 28/9 = 3.11
The Priority percentiles section displays both a graph and visual diagram displaying a researcher’s percentile relative to all other researchers. It shows the following:
- All five priority levels, displayed as a different color: P1, P2, P3, P4, and P5
- Displays the percentile level in relation to all Researchers. The size of the bar and the percentile value indicates the percentile level.
Percentiles are based on all the valid submissions: Won’t Fix, Duplicate, Unresolved, and Resolved
Each percentile is a comparison of a researcher’s submission volume to all other researchers over a specific period of time; the higher the percentile, the more submissions the researcher has for that priority level compared to others.
You can view the priority percentile over time or within a certain time frame such as last 90 days. The All time metrics are displayed by default. Click the Last 90 days tab to view the priority percentiles for the last 90 days.
The Reported vulnerabilities section displays a bar graph that provides a chronological view of your total number of submitted vulnerabilities (valid and non-valid) over all-time. You can view the reported vulnerabilities based on Severity or Volume.
The following image shows the reported vulnerabilities based on severity.
The following image shows the reported vulnerabilities based on volume.
When you hover your mouse over the bar, the number of submissions for a given time period is displayed.
The Submission type and severity section displays the volume of submissions based on the target type (example, IoT, Website, API, iOS, Android, Hardware, Other, or Not Categorized) and provides a graph of their technical severity.
You can choose whether to display your user name and/or your rewards for a submission in CrowdStream activity feed. For information to configure the CrowdStream visibility settings, Viewing Program Activity Feed in CrowdStream.
The Quick links section provides quick access to valuable Bugcrowd resources such as platform documentation and program guidance.
The following resources are provided:
- Code of conduct: Outlines the expected behaviour of all Bugcrowd community members participating in bug bounty programs, Bugcrowd online community offerings such as the Bugcrowd Community Forum, the Bugcrowd Researcher slack channel, BugBashes, and any other programs offered by Bugcrowd.
- Standard disclosure terms: Bugcrowd's standard guidelines and rules of engagement for crowdsourced security program participation. This, along with the program bounty brief, outline rules and expectations to be followed when testing and submitting vulnerabilities for any program.
- Bugcrowd University: Quick access to security, education, and training for the whitehat hacker community.
- Platform resources: Quick access to news, guides, webinars, and other resources on Bugcrowd and the broader crowdsourced security industry.
- Documentation: Bugcrowd's Crowdcontrol documentation helps you to understand the platform.
- Bugcrowd blog: All events happening at Bugcrowd such as new program announcements, product and feature launches, bug bounty education, and so on.
- Changelog: Lists important feature improvements and updates to the platform.
- Need help? Ask a Hacker: Access to the ask a hacker forum on Bugcrowd.
The Looking for more programs? section outlines the requirements that must be met for researchers to be invited to private programs.
When you have valid submissions, the Hall of Fame section is displayed on the right side of your profile. It shows the program icons for which you have qualified for "Hall of Fame".
In the following image:
- Total: Represents total number of programs for which you have qualified to receive Hall of Fame (both public and private).
- Private: Represents your total number of Hall of Fames received for private programs.
On public profiles, the Hall of Fame section displays only public programs.
When viewing your own dashboard, then the private programs are also displayed in the Hall of Fame section.
If the program is public, then when you hover your mouse on the Program's icon, the program name and the number of points you have earned is displayed.
Do Not Share Your Private Dashboard "Hall Of Fame" Publicly
Icons of Private Programs are shown in this view. If you share this image publicly, you are disclosing the existence of a Private Program, which is prohibited on Bugcrowd. The version on your Public Researcher Profile is safe and sanitized version, which may be shared across social media.
For more information, see getting on a program's hall of fame.
Updated 4 months ago