Vulnerability Rating Taxonomy
Aligns customers and hackers with a common taxonomy.
Creates tighter matching between actual risk and the taxonomy rating.
Focuses efforts on remediating vulnerabilities rather than prioritizing bugs.
Bugcrowd Maps To CVSS
Bugcrowd supports CVSS (Common Vulnerability Scoring System) as well as VRT. A CVSS score is automatically generated within the Crowdcontrol platform as soon as the submission has been assigned a VRT rating. If you choose, you can adjust the CVSS score using the built-in CVSS 3.0 calculator in Crowdcontrol.
Implications for Customers
Our VRT helps customers provide clear guidelines and reward ranges to Hackers hunting on their programs. When vulnerabilities are ready to be fixed, customers receive VRT-mapped remediation advice to help fix what’s found, faster. For more information on our priority rating and worth of a bug, read our recently launched guide “What’s A Bug Worth”.
Implications for Bug Hunters
Our VRT helps Hackers compartmentalize and target specific vulnerability types, based on their objective priority to Bugcrowd customers. We hope that being transparent about the typical priority level for various bug types will help program participants save valuable time and effort in their quest to make bounty targets more secure.