skip to Main Content
This website use cookies which are necessary to its functioning and required to achieve the purposes illustrated in the privacy policy. To learn more or withdraw consent please click on Learn More. By continued use of this website you are consenting to our use of cookies.

Private Commenting on Submissions

Private Commenting On Submissions

Want to pass a note along to Bugcrowd, but don’t necessarily want everyone seeing it? Have you ever submitted a comment that you wanted to call back immediately? Do you obsess over the content of your comments only to realize – too late – that you made a glaring typo that you can’t edit now?

We’ve got you.

With our expanded Private Comments functionality and the ability to Edit and Delete Comments, researchers now have stronger data privacy controls on submissions.  

Private Conversations with Bugcrowd

Customers have been able to message the Bugcrowd team privately since way back. That feature has now been extended to the entire Crowd. With our Comments enhancements, you can now send private messages to the internal Bugcrowd team. These private messages will only be visible only to yourselves and the other researcher collaborators on the submission.

That’s right! When you submit a private comment, customers won’t be able to see it. This is intended for cases where the content of the message might be confusing or embarrassing for the customer to see, or in the case of coordinated disclosures – the public at large! This feature is meant to ensure you have the best line of communicating sensitive issues that the Bugcrowd team might be able to help with or clarify. 

Being transparent with the customer and other participants on the submission is still the best way of working to resolve any lingering questions, but we know there are times when a quick Private Comment is best.

Comment Editing & Deletion

Sometimes humans make mistakes. Typos can be embarrassing, and if you’re working in multiple tabs simultaneously, sometimes the wrong text gets sent to the wrong person. It happens to the best of us! If you make a mistake with a comment, you now have the option to edit or delete it.

There’s a delay between when you post your comment and when we send out notifications to everyone else who should see it. This gives you a 2-minute window to correct any spelling mistakes or delete the comment entirely. 

Who has a niece today!?

Once that 2-minute delay is over, the notifications have been sent, and your mistake is immortalized in notifications! (Notifications can be sent via email or third-party integrations like Slack or Jira, so they fan out to a few places)

You can still edit or delete your comments after that delay though, so at least you can correct the original.

Note that Bugcrowd retains an (encrypted) record of all comments and any edits or deletes to them, and any abuse of this system may result in a temporary or permanent ban from our platform. 

If you delete a comment, we’ll still show that comment was there, but the content of it will be redacted. This is to prevent confusion for other users.

Uploading Attachments 

If you need to provide additional evidence of your findings to your submission, you can attach a file, such as video, image, or PDF, to your comment when you respond to the program owner. Supported file types include .avi, .gif, .jpg, .mov, .mpeg and.pdf to give you flexibility in recording your proof of concept!

For more information on submission comments, visit our Researcher Documentation.

Stay tuned for more Platform Updates! 

Looking for a new program to hack on? Check out our data-driven program recommendations that are Just for You! 


Breonna Burrell

Community Engagement Manager

Back To Top