Want to pass a note along to Bugcrowd, but don’t necessarily want everyone seeing it? Have you ever submitted a comment that you wanted to call back immediately? Do you obsess over the content of your comments only to realize – too late – that you made a glaring typo that you can’t edit now?
We’ve got you.
With our expanded Private Comments functionality and the ability to Edit and Delete Comments, researchers now have stronger data privacy controls on submissions.
Comment Editing & Deletion
Sometimes humans make mistakes. Typos can be embarrassing, and if you’re working in multiple tabs simultaneously, sometimes the wrong text gets sent to the wrong person. It happens to the best of us! If you make a mistake with a comment, you now have the option to edit or delete it.
There’s a delay between when you post your comment and when we send out notifications to everyone else who should see it. This gives you a 2-minute window to correct any spelling mistakes or delete the comment entirely.
Who has a niece today!?
Once that 2-minute delay is over, the notifications have been sent, and your mistake is immortalized in notifications! (Notifications can be sent via email or third-party integrations like Slack or Jira, so they fan out to a few places)
You can still edit or delete your comments after that delay though, so at least you can correct the original. If you delete a comment, we’ll still show that comment was there, but the content of it will be redacted. This is to prevent confusion for other users.
Bugcrowd also retains an (encrypted) record of all comments and any edits or deletes to them, and any abuse of this system may result in a temporary or permanent ban from our platform.
Private Conversations with Bugcrowd
With our Comments enhancements, you can now send private messages to the internal Bugcrowd team. These private messages will only be visible only to yourselves and the other researcher collaborators on the submission.
This is intended for cases where the content of the message might be confusing or embarrassing for the customer to see. This feature is also meant to ensure you have a direct line of communication with the Bugcrowd team when necessary regarding sensitive issues.
Please Note: In order to access this feature, the Bugcrowd Team must initiate private messaging on your submission and you must agree to exclude technical details unless requested by the team. If you have questions on your submission, please reach out to firstname.lastname@example.org for assistance.
Being transparent with the customer and other participants on the submission is still the best way of working to resolve any lingering questions, but we know there are times when a quick Private Comment is best.
If you need to provide additional evidence of your findings to your submission, you can attach a file, such as video, image, or PDF, to your comment when you respond to the program owner. Supported file types include .avi, .gif, .jpg, .mov, .mpeg and.pdf to give you flexibility in recording your proof of concept!
For more information on submission comments, visit our Researcher Documentation!
Updated December 10, 2020
Stay tuned for more Platform Updates!
Looking for a new program to hack on? Check out our data-driven program recommendations that are Just for You!