Successful customer/researcher collaboration requires a common understanding of risk severity. The Bugcrowd Vulnerability Rating Taxonomy (VRT) provides it.
The Bugcrowd VRT is an open-source, industry-standard taxonomy that aligns customers and researchers on a common set of risk priority ratings, both for the vulnerabilities we see often and for edge cases. VRT ratings can also be easily converted to CVSS in the platform. Bugcrowd reviews proposed changes to the VRT from the community on a weekly basis.
The VRT helps customers provide clear guidelines and reward ranges to researchers hunting in their programs. When vulnerabilities are ready to be fixed, customers receive VRT-mapped remediation advice to help fix what’s found, faster.
Being transparent about vulnerability priority levels helps researchers optimize their time and effort to work on things they value. To that end, the VRT helps researchers focus on specific vulnerability types based on their objective priority to Bugcrowd customers.