Bugcrowd Blog

Program Updates: Communicating Bounty Brief Changes to the Crowd

Posted by Travis Andrade on Sep 12, 2016 2:00:36 PM

Crowdcontrol now offers researchers the ability to follow bounty programs to stay up-to-date on changes made to organizations' bounty briefs. Now, researchers who are "subscribed" to an organization's public or private program will be alerted when there is a change in 1) rewards or 2) targets in scope. 

Why is this important? With this most recent product feature, ‘Program Updates,’ important bounty brief changes are communicated to researchers on an ongoing basis. This feature will help bolster transparency and encourage long-term loyalty and participation in specific bounty programs. We want to make sure that when changes are made to a bounty brief, researchers who are invested in a program have the insights they need to take appropriate action.

Subscribing to Bounty Programs:

A researcher must be subscribed to a bounty program in order to receive program updates. Researchers can "subscribe" to a program in 3 ways:

  1. By clicking on the subscription star located next to the program on the programs list page as well as at the top of a program's bounty brief. A researcher must be signed into their account to "subscribe."
  2. By submitting a vulnerability to a public program. Submitting a vulnerability to a public program will auto-subscribe a researcher to that program; however, the researcher can unsubscribe at any time.
  3. By accepting an invite to a private program. The acceptance of all private program invites will automatically subscribe researchers to the program updates. Again, the researcher can unsubscribe at any time.

 

Program Update Notifications:

Program update notifications occur when an organization makes specific changes to their private or public program bounty brief. These changes include:

  • A change in rewards
  • A change in targets in scope

An email notification will be sent to researchers who have subscribed to the organization's program letting them know changes have been made to the program.

Using the hyperlink within the email, researchers will be taken to the ‘Program Updates’ tab on the bounty brief that has been updated to view what has been changed within the program.

After reviewing the program update, researchers can decide whether to re-engage and actively test the program based upon the new parameters.

Transparency is key to maintaining a high level of trust between organizations and the researcher community, and the information now provided through 'Program Updates' improves communication between the two parties, prevents potential confusion, and encourages long-term collaboration and loyalty!

 
