Researcher Documents Updates



In order for Researchers to be successful, it is vital to clearly communicate expectations.

We have refined verbiage in both the Bugcrowd Standard Disclosure Terms and the Bugcrowd Researcher Code of Conduct, and these changes are highlighted below:

In the Bugcrowd Standard Disclosure Terms, we made the following change to clarify our policies for uploading Proof of Concept videos:

We encourage researchers to include a video or screenshot Proof of Concept in their submissions. These files should not be shared publicly. This includes uploading to any publicly accessible websites (i.e. YouTube, Imgur, etc.). If the file exceeds 50MB, upload the file to a secure online service such as Vimeo, with a password.

For more details, please refer to our Reporting a Bug documentation.

Why we made this change:
The most common cause of Unauthorized Disclosure is Proof of Concept videos being uploaded to improper platforms. Uploading a video publicly or even setting it to unlisted (which bots can still find) is prohibited. By clarifying our documentation and providing clear instructions, we hope to reduce the number of times Researchers find themselves in this situation.

In the Bugcrowd Code of Conduct, we made the following changes:

  • Added new subsection to Unacceptable Behavior:
    • Unprofessional Conduct, including but not limited to:
      • Aggressive language aimed at any Bugcrowd team member or customer at any time.
      • Attempt to abuse or game any reward system in place with Bugcrowd or any program.
      • Disruptive testing which affects other Researchers’ access to the testing environment, or adversely impacts a customer’s systems and/or accounts.
  • Clarified the verbiage in the Consequence section to reflect enforcement definitions: “In some instances, an offender will be removed from Bugcrowd bounties or from the Bugcrowd community. All policy enforcement and eligibility decisions are made entirely at the discretion of Bugcrowd.”
  • Clarified the “Terms & Conditions and Standard Disclosure Policy” section:
  • Minor cosmetic edits for readability.

Why we made these changes:
As the security industry adjusts to new developments and discoveries, our policies must evolve as well. The changes to the Code of Conduct reflect our desire to better support Bugcrowd Researchers, providing transparent expectations of behavior.

There is a new section of our “Resources: For Researchers”, titled Documents. Both the Code of Conduct and the Standard Disclosure Terms are easily located on this page, which will function as a repository for similar documents moving forward.

If you have any questions about these documents or how Bugcrowd policies affect you as a Researcher, please reach out to us at support@bugcrowd.com.

For all our latest updates, follow us @Bugcrowd