At Bugcrowd, our researchers pride themselves on submitting well-written, detailed reports that allow customers to easily understand the impact of the vulnerability discovered. Today we’re taking a big step forward in this process and have updated the Bugcrowd Crowdcontrol platform to support image embedding in a researcher’s bug submission!

Over the past year we increasingly heard that researchers wanted more flexibility in our submission form, allowing them to properly explain the bugs they’ve found with text and images side by side.

A researcher’s bug submission is their opportunity to inform the Bugcrowd team and our customers of the vulnerability they discovered. Images shown within the context of the submission will now enable the researcher to tell a more compelling, clear story of their findings.



We kicked off 2019 with the creation of a team within our Engineering group focusing solely on researcher platform features. A member of the Researcher Development team, Glenn ‘devalias’ Grant, recently joined Bugcrowd and has a background as a bug bounty hunter and security researcher. Glenn was excited to take on this task, as it was a feature that he himself wanted to see in the platform, and we’re so excited to see it live.

“It’s funny actually… one of the things I complained asked about back in the day as a researcher was improving the UX of the submission form. There was nothing quite like the pain of dropping an attachment onto the page and watching my hard written words disappear, leaving just the rendered attachment staring back at me in its place. When I came on board with the Researcher team, one of the first tasks offered to me was improving this same UX (I’ll let you decide if those factors are related…). Words can be good, but sometimes it takes far too many to describe the context of what could be more easily shown with a well placed inline screenshot. Here’s hoping that with the release of image embeds that I can make that submission UX just a little more frictionless for you all. Less time required for reporting means more time for hunting (or hacking gibsons)!” – devalias

Once again, thank you to everyone in the community who shared their feedback in past researcher surveys, in tweets, or at events. We are very pleased to share this feature with the Crowd.

Want to learn more? Check out Researcher Docs page for more info.

Let us know what you think! Tweet us @Bugcrowd and share your thoughts.