Our 2017 Spring Product Release improves vulnerability management for the enterprise and supports the long-term success of both security teams and researchers.
Organizations and researchers alike are continuing to adopt the crowdsourced application security testing model (aka bug bounties). We’ve seen this on our own platform where we’ve doubled the number of security researchers and have tripled the number of enterprise customers in the last year alone. As bug bounties continue to trend upward, it becomes increasingly important that our bug bounty platform scales to meet the changing needs of an enterprise’s application security program. Furthermore, the bug bounty platform experience should be intuitive, informative, and seamless to integrate into an organization’s current application security assessment process.
Bugcrowd’s latest release delivers comprehensive reporting with actionable insights and improved vulnerability management workflow for the enterprise customer, while updates to the researcher dashboard provide researchers with real-time actionable data to enhance performance.
This release is structured around four core Crowdcontrol capabilities:
- Actionable Insights
- Customizable Reporting
- Powerful Enterprise Integration
- Bug Bounty Thought Leadership
Actionable Insights
Valuable real-time metrics that enable users to understand performance and identify trends that can drive the appropriate actions to improve success for both customers and researchers.
- Insights Dashboard – a high-level view of an organization’s program performance and vulnerability trends enabling actionable insight to help improve the success of their bug bounty program
- Researcher Dashboard – delivers actionable performance metrics that can help researchers improve their performance to reach personal goals and earn additional Bugcrowd accolades
Customizable Reporting
Extensive customization empowers users to generate real-time reports for a specified audience via the Insights Dashboard.
- Filtering – specify a more granular view of the report by using extensive filtering functionality
- Downloadable PDF – use the custom filtering functionality to tailor the report, then download a PDF with a single click of a button
- Full-Scale CSV Export – export full-scale bounty and submission data to generate your own customized reports and graphs
Powerful Enterprise Integration
Powerful integration tools streamline bug bounty program implementation into the enterprise application security workflows.
- Bi-directional JIRA – seamlessly integrate vulnerabilities found on bug bounty programs directly into the SDLC with our intuitive and efficient bi-directional JIRA integration
- Automated workflows – streamline the management of all vulnerabilities from validation to remediation with automatic JIRA ticket creation and tracking
- API – offers a more integrated workflow by enabling organizations to access raw report data and utilize a powerful query interface outside the Crowdcontrol platform. We are continuously adding new functionality to our API. Coming up, you can expect our API to:
  - Provide metadata with each submission (including comments and an activity log)
  - Allow payments to be set on a submission
  - Assign a team member to a submission
Bug Bounty Thought Leadership
Bugcrowd is the leading managed bug bounty platform. We take pride in learning from our past programs, monitoring the market, and listening to our customers and researchers to ensure the success of all the programs we run. With that in mind, we’ve recently open sourced our Vulnerability Rating Taxonomy (VRT) on GitHub. Open sourcing the VRT provides a more diverse perspective and ensures it is current and reflective of market needs. To learn more or to contribute, check out the VRT on GitHub.
For further insight into these newly released Crowdcontrol features, take a look at our 2017 Spring Product Release Notes.
Any thoughts, ideas, or questions? We’d love to hear from you at firstname.lastname@example.org or @Bugcrowd.