Bugcrowd’s VRT is a widely used, open source standard, offering a baseline risk rating for each vulnerability submitted via Crowdcontrol. The VRT directly maps to the CVSS taxonomy.

Facilitate a common understanding between customers and whitehat hackers.

Remove Subjectivity

Aligns customers and hackers with a common understanding and taxonomy.

Provide Context

Creates tighter matching between actual risk and the taxonomy rating.

Remediate Faster

Focuses efforts on remediating vulnerabilities rather than prioritizing bugs.

BUGCROWD MAPS TO CVSS
Bugcrowd supports CVSS (Common Vulnerability Scoring System) as well as VRT. A CVSS score is automatically generated within the Crowdcontrol platform as soon as the submission has been assigned a VRT rating. If you choose to do so, the CVSS score can be adjusted by using the built-in CVSS 3.0 calculator in Crowdcontrol.

Removes Subjectivity & Provides Context

The VRT is superior to alternative taxonomies in four critical areas, and integrates with industry best practices such as CVSS.

Transparency

Provides a baseline for the technical nature of each bug submission.

Depth

Supports up to three levels of classification hierarchy, providing unparalleled granularity that aligns with real-world application security exploits.

Relevance and Flexibility

The VRT is a living, open source document that maps to CVSS, curated weekly by Bugcrowd experts.

Simplicity

Security teams can quickly identify the impact of any given vulnerability without having to use a complicated calculator.
