At Bugcrowd, we’re committed to constantly pursuing excellence and innovation in triage to make vulnerability submissions and prioritization faster and easier for hackers and customers, alike.
As a new milestone in that effort, we are thrilled to introduce a groundbreaking, industry-first platform feature: Request a Response. This new feature offers an additional channel for hackers to engage with Bugcrowd triagers and customers, with a response ensured within 48-96 hours depending on the type of request.
As a result, hackers will enjoy improved communication, increased transparency, and most importantly, more time dedicated to hacking–and to earning rewards. For Bugcrowd customers, Request a Response enables faster access to insights from hackers, when decisions about payments or other submission details would benefit from their feedback.
The Old Standard is Out
Unread comments are frustrating, to say the least. In the crowdsourcing space, it’s common for hackers post comments or questions that need to be addressed on their submissions, but for various reasons, the comment will not receive a response for an unacceptably long period of time–or get no response at all, in some cases.
So, the industry standard has long been: submit a bug, wait for a response, leave a comment while awaiting response, comment goes seemingly unread, reach out to support, and eventually, reach a resolution only after much missed or absent communication.
This cycle of miscommunication leads to confusion and frustration for everyone involved. Hackers are left wondering about the state of a particular submission and when they can expect movement–and their time, resources, and energy take a hit.
Request a Response is Here to Deliver, and Here’s How
To solve this problem, Request a Response will help standardize communication between hackers, customers, and Bugcrowd staff. It allows hackers to directly request additional information, or ask a question to Bugcrowd employees and customers. A request triggers specific workflows, notifications, and alert actions to Bugcrowd and customers, who will then address the request within 48-96 hours. For status updates, hackers receive in-platform and email notifications as their request is addressed.
Communication gaps have been the norm for far too long, and we’re determined to close them. With Request a Response, communication between hackers, Bugcrowd, and customers is streamlined and smooth.
Here’s what our beta testers had to say:
What You Can Expect
Our goal is to make this process as simple and predictable as possible. That leads to clear, reliable communication pathways and timelines.
With this new standard set by Bugcrowd, hackers can request a response from Bugcrowd across seven different categories:
- Issue is Reproducible
- Duplicate State
- Requesting Update
For responses from customers, two types of requests are available: Requesting Update and Other.
Additionally, hackers can provide details about their request to help Bugcrowd staff and customers properly triage and respond to them.
Plus, hackers can use this feature for these different submission substates:
- Out of Scope
- Not Reproducible
- Not Applicable (Bugcrowd only)
This feature is available to the Crowd across our engagements, so hackers and customers can submit a request and receive a quick response, saving time and stress.
The New Standard is Here
Ask questions, get a response: It’s as simple as that. Historically, succinct and predictable communication between hackers, platforms, and customers has been poor, messy, and frustrating. With Request a Response, you can expect clear communication timelines and guaranteed responses.
For more information on Request a Response or any other Bugcrowd feature, please refer to our Researcher Documentation. Follow along as we continue to expand our platform features by following us on Twitter and Instagram, and don’t forget to join us on Discord and the Bugcrowd Forum. Sign up for a researcher account today to start your hacking journey!