Bugcrowd Blog

Product Update - Insights into Your Program's Performance

Posted by Katrina Rodzon on Jul 28, 2016 10:00:00 AM

Crowdcontrol’s new ‘Insights’ dashboard provides metrics on the performance of your bug bounty program. This is just the first step we are taking to bring you the right metrics to initiate scalable actions and provide meaningful reports for your security team, development team and the people who write the checks.


Our updated ‘Insights’ dashboard gives you a quick and visual way to understand engagement over time, trends in submissions and action items for your team. We provide those insights around four different program metrics:

  • Submissions Over Time
  • Priority Per Submission
  • Bug Types
  • Status of Bugs  

Submissions Over Time

An overview of vulnerability submissions throughout your program.


Use this metric to visually monitor submission activity on a particular program. This insight will help you course correct activity if your program’s submission rate is too high or too low. It makes it easy to see activity generated by program adjustments such as application updates, increases in rewards, adding targets, or external promotions.


Priority Per Submission

Understand the breakdown in criticality of valid vulnerabilities submitted to your program.


This provides a better understanding of how often you receive critical vs. non-critical bugs. Using this insight gives program owners a high-level understanding of program and bounty brief effectiveness. Set goals for yourself to decrease the number of critical bugs received over time.


Bug Types

Provides high-level insight into the most common vulnerability types submitted to your program.


This is valuable information that can be taken back to your development team to identify common weaknesses, help them learn from their mistakes, and make improvements before launching new code. Additionally, identifying bug types can help you improve your bounty brief on an ongoing basis–directing researchers to focus on specific areas, or excluding specific bug types.


Status of a Bug

A real-time view of the current status of all submissions.


It’s important to stay up to date with the submission workflow–quick and consistent responses keep the researcher community happy. Use this report to help identify which submissions most need attention, so your team can focus on what matters!

Stay tuned in the upcoming months as we plan further improvements to help you better understand the performance of your bug bounty program. Any thoughts, ideas, or questions? We’d love to hear from you at support@bugcrowd.com or @Bugcrowd.