Bugcrowd is pleased to announce Target Management, an update to our Crowdcontrol™ platform. Target Management now allows customers to define targets by attributes such as target type and business impact.
This product update presents a new target-focused business approach with the goal of collecting data to provide customers with improved program feedback and a more intelligent platform. The collection of this data will allow us to improve the following capabilities:
- Submission Workflow
- Program Insights
- Curated Crowd Deployment
- Suggested Payout
This update introduces a new way to store targets in a repository at the organization level using the Target Directory. To do this, select Organization Settings > Target Directory.
Here, organization owners can granularly define each target by its ‘type’ and ‘business impact.’
Target Type: Categorize each target based on the seven different types of targets provided in the drop down menu. Select the type that best fits your target; categories include a website, API, iOS, Android, IoT, hardware, and other.
Business Impact: Assess your targets and rate each one; consider whether the target would have a significant impact on your business if compromised. Much like threat modeling, consider variables such as accessibility of the target, if sensitive information is present, and high or low traffic volume to determine whether it should be set as a high, medium, or low impact target.
Program Management – Setting the Scope:
With the new update, a customer will now manage their targets on a program’s brief using the Program Scope tab located on the Program Settings page.
Here, an organization owner or program administrator may search and add new targets from the Target Directory and set targets in or out of scope prior to the program’s start date. All changes to the target scope on the Program Scope page will be reflected on the program brief.
NOTE: Once live, the customer must contact email@example.com to add any additional targets or adjust targets in or out of scope.
Call to Action
Set Target Type and Business Impact:
It is important that customers properly assess each target and assign the appropriate target ‘type’ and ‘business impact.’ Defining each target will serve as valuable data in assisting future Crowdcontrol feature implementations. The end goal will significantly improve workflow, reporting, crowd expertise, and aligned expectations between customers and researchers. These changes can be made by the organization owner – the “how to” steps to make these changes are explained in greater detail on the Crowdcontrol documents page.