Hackers submit reports to your security team that contain detailed information about the security issues that the hacker has identified.
One of the most important elements of running a successful bug bounty campaign is ensuring you get high quality reports where hackers are providing you with all the information you need to verify and validate the vulnerability. You can customize the form where hackers submit their vulnerability reports.
Customizing the Report Submissions Form Page
To customize your report submissions form page:
Go to Program Settings > Program > Submit Report Form.
Toggle Yes or No for whether you want your program to accept new report submissions or not.
Edit these sections:
Section
Details
Introduction Text
This text is shown at the top of the report submissions page for hackers. You can:
highlight important information from your policy and bounty eligibility
specify attributes of a good report
address frequently asked questions
provide any additional guidance for hackers
Report Template
Configure the Markdown-based report template with the information you want hackers to provide. The template will be pre-populated with your requested fields when a hacker submits a new report. The more details you provide in the template, the more you ensure that hackers are providing you with all the information you need to verify and validate the report. Note: The template must be written in Markdown.
Weakness Configuration
A weakness is a type of mistake in software that introduces vulnerabilities within that software. All weaknesses are shown by default and are organized in clusters (a set of weaknesses). To edit vulnerability display preferences, click Edit and you can choose from these options:
Show: Reports can be submitted. You can add a contextual message if you have extra instructions or information pertaining to the weakness. Hackers can see the extra instructions on the submission page after selection.
Hide: The weakness isn't shown on the submission page and is not available to be selected by hackers.
Disable: The weakness will be displayed, but reports with this weakness can't be submitted. This option is often used if there is a common weakness type you've decided to put out of scope and you wish to attach an explanation of why this weakness type is out of scope.
