Vulnerability Rating Taxonomy

For Faster Remediation

Bugcrowd’s VRT is a widely used, open-source standard that offers a baseline risk rating for each vulnerability submitted via Crowdcontrol. The VRT maps directly to the CVSS taxonomy.

Remove Subjectivity

Aligns customers and hackers with a common taxonomy.

Provide Context

Creates tighter matching between actual risk and the taxonomy rating.

Remediate Faster

Focuses efforts on remediating vulnerabilities rather than prioritizing bugs.

REMOVES SUBJECTIVITY & PROVIDES CONTEXT

The VRT is superior to alternative taxonomies in four critical areas, and integrates with industry best practices such as CVSS.

Transparency

Provides a baseline for the technical nature of each bug submission.

Depth

Unparalleled granularity aligns with real-world application security exploits.

Flexibility

Open sourced, mapped to CVSS, and curated weekly by Bugcrowd experts.

Simplicity

Quickly identify the impact of vulnerabilities without a complicated calculator.

Bugcrowd Maps To CVSS

Bugcrowd supports CVSS (Common Vulnerability Scoring System) as well as VRT. A CVSS score is automatically generated within the Crowdcontrol platform as soon as the submission has been assigned a VRT rating. If you choose, you can adjust the CVSS score using the built-in CVSS 3.0 calculator in Crowdcontrol.

Implications for Customers

Our VRT helps customers provide clear guidelines and reward ranges to Hackers hunting on their programs. When vulnerabilities are ready to be fixed, customers receive VRT-mapped remediation advice to help fix what’s found, faster. For more information on our priority ratings and what a bug is worth, read our recently launched guide “What’s A Bug Worth”.

Implications for Bug Hunters

Our VRT helps Hackers compartmentalize and target specific vulnerability types, based on their objective priority to Bugcrowd customers. We hope that being transparent about the typical priority level for various bug types will help program participants save valuable time and effort in their quest to make bounty targets more secure.

Interested in becoming a Bugcrowd researcher? Join the crowd.
