In talking with our customers, and particularly larger customers, we often hear of the need to establish an open, public, and passive channel for vulnerability disclosure from their users, customers, and the broader security community. These customers aren’t always ready for a public bug bounty but they may already have an existing security@ email address. They often have an existing security page and want the ability to accept disclosures directly from their website.
We advise these customers to establish a public Bugcrowd disclosure program. Our platform, Crowdcontrol™, allows customers to easily accept vulnerability disclosures from researchers around the world and harness the power of the Bugcrowd community. Setting up and communicating a disclosure program helps users understand that you’re willing and able to fix vulnerabilities in your software. Our platform and security team operationalize the disclosure process—ensuring customer quickly fix issues that present an actual risk to their software and infrastructure.
New Platform Update – Embedded Submission Form
Today we are excited to announce the Bugcrowd Embedded Submission Form!
The Embedded Submission Form allows customers to capture vulnerability submissions from anyone on their public website, while continuing to harness the power of Bugcrowd’s vulnerability triage and validation services. This feature streamlines the process for organizations to launch their own disclosure program by hosting it directly on their website. In combination with the email and in-platform channels, this makes Crowdcontrol the most flexible and powerful offering for public vulnerability disclosure programs.
How it works
1. Copy the Embedded Submission Form Script provided by Bugcrowd.
2. Embed the Embedded Submission Form code into a page on your website.
3. Whitelist your site domain so that the form can appear on your website.
4. Contact Bugcrowd to enable your form.
5. Share and receive vulnerabilities.
Take a look at what the Embedded Submission Form looks like when embedded on a website here.
For further detail on the new embedded submission form, visit our documentation and see our one-pager. If you have any thoughts, ideas, or questions, we’d love to hear from you at firstname.lastname@example.org or @Bugcrowd.