Bugcrowd’s Application Security Engineers now have the ability to edit submissions when triaging vulnerability reports.
Just over a month ago we launched Draft Submissions & Autosave for researchers. This enhancement to the submission workflow gives researchers a way to spend additional time building reports on the platform, gathering all of the proof-of-concept material, screenshots, and documentation needed before submitting. As a natural extension, we have released a new enhancement to our triage workflow that allows our Application Security Engineers (ASEs) to edit submitted reports.
Mistakes happen!
Submitted reports might contain valid findings but still have faults and errors. Reports might not be fully complete, or might contain misspellings. These errors may be unintentional, as the researcher's first language might not be English. They might not realize their reports aren't clear or up to par, or they may have hit the submit button too soon. Mistakes happen!
When an ASE team member submits an edit on any report, that change will be recorded and shared with the researcher alone. The edited submission details are what the customer will receive for review and reward. Researchers will be able to see their original and edited submission side-by-side, and can learn from these Submission Edit changes for their future submissions.
Submission Editing is a value add for all
At Bugcrowd, we pride ourselves on the efforts we take in assisting researchers with all aspects of their research, submission, and reward process. Submission Editing will provide valuable feedback to the researcher, guiding them toward improved report quality and maybe even helping them pick up some new skills. It will allow us to share higher-impact research with customers through improved report quality. Ultimately, it will result in faster triage and payouts for researchers, and faster report generation and improved impact for customers.
Summary
By allowing Bugcrowd’s ASEs to edit the submissions:
- There’s an increased likelihood a report gets accepted and the researcher gets paid
- Researchers can see the edits and learn from them as needed
- Researchers see both their own submission and the report shared with customers
- Customers receive higher quality reports and submissions