Assigning Submission Statuses

When a researcher files a submission, its status is New. After you review the submission and determine its validity, you can change the status to one that reflects its state more accurately.

Status Options

There are three categories of statuses: OPEN, ACCEPTED, and REJECTED. Within each category are the following statuses:

  • OPEN

    • New: A submission that has not yet been examined.
    • Triaged: A submission that has been confirmed valid and unique by a Bugcrowd Application Security Engineer (ASE), and is ready for you to accept.
  • ACCEPTED

    • Unresolved: A submission that has been accepted as a valid issue that needs to be fixed. If the engagement offers monetary rewards, you should reward the submission.
    • Resolved: A valid submission that has been fixed.
    • Informational: A submission that is reproducible but will not be fixed. Use this if the submission is a best practice issue that won’t be fixed, a minor priority issue, or if you have an existing mitigation in place. Make sure to explain your reasoning.
  • REJECTED

    • Out of Scope: A submission that falls outside the scope criteria outlined in the engagement brief. Make sure you explain your reasoning and point out the specific line in the brief.
    • Not Reproducible: A submission that was not reproducible at this time. Make sure you provide detail so the researcher can improve.
    • Not Applicable: A submission that you reject because it does not apply to your application.

Changing Submission Status

To change a submission’s status, go to the Submissions Page and select the submission you want to update.

Click on the status dropdown to view a list of available statuses.

Select the status you want to assign to the submission.

Additionally, here are some important callouts to consider for duplicate issues:

  1. If you mark a submission as a duplicate, you must specify the submission that it duplicates. It can be a duplicate of a submission you’ve received as part of your Security Program or a duplicate of an issue tracked outside of Bugcrowd. However, Bugcrowd requires you to provide a data artifact so that we can compare the submission against it as a Known Issue. The original issue can be in any end state (such as Unresolved or Informational), and the duplicate submission inherits this state when it is flagged as a duplicate.

  2. A submission cannot be marked as a duplicate if the previous submission is already in a Resolved state. If the issue is still reproducible, it indicates the applied fix has been bypassed. Therefore, the submission is eligible to be resubmitted and must be considered unique, which makes it eligible for a reward.

When you hover over a submission state, it shows the state's description and the points that a researcher can earn or have removed.
