Vulnerability Rating TaxonomyFor Faster RemediationVulnerability Rating TaxonomyBugcrowd’s VRT is a widely-used, open source standard, offering a baseline risk-rating for each vulnerability submitted via Crowdcontrol. The VRT directly maps to the CVSS taxonomy.Remove SubjectivityAligns customers and hackers with a common taxonomy.Provide ContextCreates tighter matching between actual risk and the taxonomy rating.Remediate FasterFocuses efforts on remediating vulnerabilities rather than prioritizing bugs.REMOVES SUBJECTIVITY & PROVIDES CONTEXTThe VRT is superior to alternative taxonomies in four critical areas, and integrates with industry best practices such as CVSS.TransparencyProvides a baseline for the technical nature of each bug submission.DepthUnparalleled granularity aligns with real-world application security exploits.FlexibilityOpen sourced, mapped to CVSS, and curated weekly by Bugcrowd experts.SimplicityQuickly identify the impact of vulnerabilities without a complicated calculator.Bugcrowd Maps To CVSSBugcrowd supports CVSS (Common Vulnerability Scoring System) as well as VRT. A CVSS score is automatically generated within the Crowdcontrol platform as soon as the submission has been assigned a VRT rating. If you choose to do so, the CVSS score can be adjusted by using the built-in CVSS 3.0 calculator in Crowdcontrol.Learn MoreImplications for CustomersOur VRT helps customers provide clear guidelines and reward ranges to Hackers hunting on their programs. When vulnerabilities are ready to be fixed, customers receive VRT-mapped remediation advice to help fix what’s found, faster. For more information on our priority rating and worth of a bug, read our recently launched guide “What’s A Bug Worth“.Implications for Bug Hunters Our VRT helps Hackers compartmentalize and target specific vulnerability types, based on their objective priority to Bugcrowd customers. We hope that being transparent about the typical priority level for various bug types will help program participants save valuable time and effort in their quest to make bounty targets more secure.Interested in becoming a Bugcrowd researcher? Join the crowd.Free GuideThe Ultimate Guide to Managed Bug BountyA comprehensive guide to crowdsourced security and the how to implement a successful managed bug bounty program as part of your application security strategy.Learn MoreFrom Our BlogJanuary 10, 2021All You Need to Know About Bug Bounty Testing EnvironmentsDecember 17, 2020You’ve Got Mail! – Receiving Bugcrowd Private Program InvitesDecember 15, 2020Put Another ‘X’ on the Calendar: Researcher Availability now live!MORE BLOG POSTSNewsDecember 15, 2020High-Risk Vulnerabilities Discovery Increased 65% in 2020December 15, 2020Bugcrowd Study Reveals 65% Increase in Discovery of High-Risk Vulnerabilities in 2020 Amid COVID-19 PandemicDecember 14, 202026 Cyberspace Solarium Commission Recommendations Likely to Become Law With NDAA PassageMORE NEWSEventsExcellerate your Hunting with Bugcrowd and Microsoft!In partnership with Microsoft, Bugcrowd is excited to announce the launch of Excellerate, a tiered incentive program that will run…Register NowMORE EVENTS
December 15, 2020Bugcrowd Study Reveals 65% Increase in Discovery of High-Risk Vulnerabilities in 2020 Amid COVID-19 Pandemic
December 14, 202026 Cyberspace Solarium Commission Recommendations Likely to Become Law With NDAA Passage
