At Bugcrowd, we’re working to make sure quality of reports stays high.
Here are some quick suggestions that can help improve many submissions, resulting in higher payouts and acceptance rates:
-
Capitalization and clear explanations. We can’t stress how important it is to write out clear descriptions of issues. If you don’t spend the time on your submission, it’s unlikely the program owner will spend time on reading it.
-
Well documented and clear attack scenarios. Attack scenarios tell the program owner why they should care. For example, you can say something like:
“This vulnerability affects all users of your forum. When a user signs up, and enters a username of XYZ@Customer.comand a password of XYZ@Customer.com, then his username is accepted. An attacker could use this vulnerability in conjunction with a username enumeration issue to bruteforce forum usernames and passwords”
For more info on writing great attack scenarios, see this resource.
- Sometimes people write “hope you people fix this” vs saying “Thanks
for your time!”. We prefer politeness and respect in our community,
so make sure to say “thank you” for taking the time!
We find that researchers that take these suggestions in mind have more success, which means you will be more likely to have your submissions accepted and get paid.
Also, make sure to enter your Paypal email address so we can get you paid when you have a submission accepted.
Several links to have a look at:
-
List of great tutorials for various types of exploits and vulnerabilities
-
Join the Bugcrowd Forum and chat with other researchers
Hope this helps. If you have any questions at all, feel free to reach out to support@bugcrowd.com