Bugcrowd matches researchers to programs based on a variety of factors, including known skills and expertise. So when a researcher declines an invite to participate in a private program, there’s usually more to it than a mismatch of ability or lack of interest. As most security researchers in the Bugcrowd community have limited time — slotting bug hunting in between work, family, social life, etc., bandwidth is a constant variable. Maybe they’re simply bored of the target type, or find the scope a bit too limited be worth the time they have. The reasons may vary, but are always important to note.
Our latest platform update enables researchers to provide feedback that we can use to ensure program success for our customers, and improve the private invitation experience for everyone in our community.
Review Program Briefs Before Accepting Invite
A thoughtfully-written bounty brief is a good start for attracting a researcher’s attention. Previously, researchers needed to accept a private invite in order to view the bounty brief information. Today’s update enables researchers to review the brief prior to accepting an invitation if they meet all the eligibility requirements. When a researcher rejects the invitation, the program is hidden from the user.
Reject Invites and Give Program Feedback
When a researcher rejects a private invite, they are prompted to select a reason. This feedback is important for program owners, as well as Bugcrowd. Program feedback provides valuable information that enables the Bugcrowd team and customer to consider updates to their program that may make it more attractive to researchers. This might include scope expansion, questions about credentials, or a request for higher reward ranges. This feedback loop enables the Bugcrowd team to quickly address potential program issues, as well as improve how researchers are selected for future program invitations.
Hide Programs from Program List View
Some researchers juggle multiple programs at once. Just like your colleague that has a nauseating number of open tabs on their browser while you prefer a maximum of three at any given time, researchers have equally unique preferences and styles for approaching parallel work-streams. Some prefer to tackle one program at a time, or be a bit more strategic about what’s next if they have a specific skill they’re hoping to build before jumping in. To fit these unique work styles, Bugcrowd now enables researchers to “hide” invitations from their main view until they’re ready to engage.
The ability to “hide” and “un-hide” programs allows researchers to streamline their programs list view. More importantly, it gives researchers the ability to postpone consideration of a program for a later date. If a researcher has limited bandwidth at the time the program invite is received, but the researcher is interested in the program and thinks they might have time to work on it at a later date — they can always come back later!
Interested in learning more about this update? Read more in Bugcrowd’s Researcher Docs.