⚡Changelogs

Find out what's changed or is new on BugBase!

December 2024

1. Report tabs & filter updates

• The Reports section for both Program and Bounty Hunter users has been enhanced to help you focus on the most important reports. Additionally, new filters and sorting options have been added, allowing you to customize your view.

Learn more about these here:

For Program Managers - Program Reports Section

For Bounty Hunters - Bounty Hunter Reports Section

2. Whitelisting bounty hunters on assets

• Companies can now whitelist bounty hunters' credentials (phone, email, or both) on specific assets.

• Companies can now enable whitelisting for credential vaults. Require Whitelisting for a Credential

Learn more about these here:

For program managers - Whitelist

For bounty hunters - Whitelist

3. Collaboration on Private Programs

Enables users to manage collaboration preferences, allowing communication with other bounty hunters in private programs.

Learn more - Collaborate

November 2024

1. Editable Report Title (Program only feature)

• Program managers with the necessary permissions can now edit report titles using the edit icon next to the title.

2. New Report Status Label - Under Program Review

• We have introduced a new Report Status Label - Under Program Review to have better visibility for the reports pending action/review from the Program Admins after the initial Triage by BugBase.

• Learn more here Program Reports Section

3. Custom Report Tags (Program only feature)

• We have introduced custom report tags which helps Program Managers to filter reports based on custom tag names.

• Learn more about Report Tags here: Report Tags

4. Redesigned Scope Groups in Program Policy

• Introducing the updated Scope Groups design which brings clarity on the In-Scope and Out-of-Scope assets along with eligibility for Bounty or Swags.

5. Custom Hall of Fame Addition

• Programs can now add custom hall of fame members on their policy page to acknowledge any researchers that are not a part of BugBase.

October 2024

1. Program Statistics on Policy Page

• Program statistics like average first response time/triage time/resolution time are now visible on program pages.

March 2024

1. Leaderboard Enhancements: Country Filter and Search Functionalities

• Improved Leaderboard Design: The design of the leaderboard has been updated for enhanced usability and aesthetics.

• Country Filter and Default Setting: Added a country filter allowing users to filter leaderboard results by country. Default filter setting is "Global," displaying all individuals on the leaderboard initially.

• Search Functionality: Search bar for easy lookup of specific individuals on the leaderboard.

2. Bounty Assignment Approval System

• Companies can now designate certain individuals who require approval for bounty assignment.

• Users marked for approval will not be able to assign bounties directly but will require approval from authorized individuals.

• Requested bounties will be visible to program users.

• Users who do not require approval for bounty assignment can accept or deny bounty requests from those requiring approval.

3. Asset Assignment and Restricted Access Control

• Companies can now assign specific assets to designated assignees within BugBase.

• Users have restricted access to reports, bugs, etc., for the assets they have been assigned to.

• This feature ensures heightened security and privacy by limiting access to sensitive information to only those with explicit authorization.

4. Asset-Focused Insights Filtering

Users can now view insights tailored to specific assets or projects. This feature enables users to focus on insights relevant to their assigned assets or projects, optimizing decision-making and efficiency.

5. Move Reports between programs in an organisation

Company & Program Admins can now move reports across programs in the same organization, this allows companies to segregate the reports based on a particular asset, brand and confidentiality (Public or Private)

6. Improved UI for settings page

BugBase has updated its Settings page, moving the navigation menu to the left for easier access. Everything you're used to is still there, but now it looks cleaner and more organized. This change makes it simpler for both hackers and companies to navigate and customize their preferences.

February 2024

1. On-demand VPN Servers for Testing Private Assets

Companies can now launch VPN Servers managed by BugBase for testing private assets by whitelisting their In-Scope testing assets to the VPN server. This includes logging of bounty hunter traffic, rate-limiting, blacklisting particular routes, geolocation restrictions etc.

2. Timezone Preference

• Users can now personalise their experience by setting their preferred timezone within their profiles.

• This feature adjusts the display time on users' screens to match their chosen timezone selection.

• Users have the flexibility to select any timezone from the available options, ensuring accurate time representation throughout the platform.

3. New Hacker Profile

• Overall Design Overhaul: The profile page has been streamlined for a cleaner and simpler aesthetic, enhancing usability and focus on key information.

• Bug Submission Graph: Introduction of a graphical representation of bug submissions. This visual element allows hackers to quickly see their reporting activity over time, making it easier to track submissions and identify periods of high or low activity.

• Activity Timeline (Hacktivity): The 'Hacktivity' section has been transformed into a timeline format, providing a chronological view of a hacker's activities within each year. This makes it easier to follow the history of one's contributions and achievements.

• Redesigned Badges: Badges have received a new design, likely to improve visual appeal and distinguish the achievements they represent more clearly

January 2024

1. Competition Reminder Trigger

Companies can now set up triggers to notify all users one day before, 30 minutes before, and when the competition starts.

December 2023

1. Program side notifications filters by hackers and bug report

Companies can now filter notifications received by their programs and mark them as read.

November 2023

1. Public Global Leaderboard for bounty hunters

The Global Leaderboard is now Public on https://bugbase.in/leaderboard! Go ahead and flaunt your hacking skills and reputation by sharing the leaderboard with your friends and show them how cool you are 😎

2. Bounty Hunter Feed (Previously Notifications)

Now the hacker feed is available, where the user can see all the feed customised according to their activity. It includes upcoming programs, details about their bug reports, important announcements as well as any invitation to private programs.

3. Campaigns

Now a company has the chance to create a customized campaign with their preferences and release it.This option can be accessed from the sidebar and the main screen would show the list of completed and ongoing campaigns.

once the details are filled up it shows a preview of the campaign to be released.

October 2023

1. Confirming Priority on Bug Reports

Upon submission of a bug report by a security researcher/bug bounty hunter, our system initiates a priority validation process. A designated triager or the program representative reviews the submitted vulnerability to confirm whether its assigned priority accurately reflects its potential risk and impact. Once the priority is confirmed, the corresponding bounty is assigned based on this validated priority, ensuring that critical vulnerabilities are addressed promptly and rewards are distributed fairly.

September 2023

1. Multi-Language Support for Bug Bounty Program Policy

Users can now read our Bug Bounty Program Policy in multiple languages. This feature aims to make our platform more accessible and inclusive for our global user base.

• Supported Languages: English, Hindi, Telugu, Bengali, Gujarati, Kannada, Malayalam, Marathi, Tamil, Spanish, French, German, Chinese (Simplified) and Dutch.

• Language selection is available at the top-right corner of the Bug Bounty Program Policy card.

2. Multiple Email Notifications for Companies

Companies can now specify different group of email addresses for various types of notifications. This feature allows for better organization and quicker response times for critical issues.

• Bug Report Notifications: Companies can now designate a specific email address to receive all notifications related to bug reports.

• Program-Related Notifications: Set up a separate email address for notifications concerning program updates, new features, and announcements.

• Pentest-Related Notifications: Choose an email address to receive all notifications related to penetration testing activities and reports.

• Payment Notifications: A separate email address can be set up to receive all payment-related notifications, such as transaction confirmations and invoices.

To use this feature: Navigate to Company Settings Page >> Click on Manage Email Notifications

August 2023

1. Change Report priority by company

Now, company can view a report and have the option to change the priority of the specific report according to their discretion.

2. Last seen internal activity on bug report

The last seen internal activity on any bug report is visible now in report chat thread.

July 2023

1. Request Program Activity Report

Now, companies can ask for a performance report of a specific program within a desired period of time from the program dashboard. This generates a program activity report for the requested time.

June 2023

1. Notification Email Mapping

Companies can now assign separate emails for receiving notification on different categories of events. Which will allow hassle free communication.

2. Filter report trends chart by time period in Insights page

Now, companies can use the filter in Report trends sections to view statistics for the selected time period.

3. RBAC for competition programs

Role Based Access Control (RBAC) is now available for competition programs as well. Every organisation member can have access to different actions based on their role.

4. Assign rewards modal updated design

Now, companies can select the type of reward they want to assign to the security researcher by selecting any of the three options provided.

May 2023

1. Asset Based Credential Management for Companies

Companies can now import testing credentials for a particular asset on the BugBase Dashboard itself and assign them the Bug Hunters Seamlessly!

2. Assigning Thanks to Bug Reporters

BugBase is excited to announce the introduction of a new feature - "Assign Thanks" on Platform. This feature allows program owners to express their gratitude and appreciation to the reporters who have contributed to improving the security of their applications. In addition to assigning monetary rewards for valid bug reports, program owners now have the option to assign thanks to reporters as a way of acknowledging their efforts and valuable contributions.

3. JIRA Cross-Sync Toggle

Program Admins can now choose if they want Cross-Sync with JIRA. Cross-Sync basically updates and changes performed on JIRA on BugBase and Vice-Versa this includes comments, status changes etc.

April 2023

1. Added a section for Top Programs in insights dashboard

Now the insights dashboard contains top 3 performing programs of the company along with the activity and bugs submitted in the current month.

2. Response Generation through ChatGPT on Report Chat

You can now generate replies using ChatGPT on any Bug Report on BugBase,which enables you to generate clear AI driven responses for frequently asked questions and customer inquiries without spending time crafting individual responses.

3. Multi Factor Authentication for all accounts on BugBase

For increased security, the Multi-factor authentication (MFA) has been added to BugBase. All users can now set-up MFA via an Authenticator App or through Email.

4. Authentication through Single Sign On [SSO - SAML2.0]

Company Accounts can now setup login through SSO where organization members can use their Identity Provider email to sign-in to BugBase and access the Dashboard.

5. Bounty Hunter Preferences in Settings

Added Shipping Address and T-Shirt Size Preference for Bounty Hunters.

6. Payout Page Updated Design (Programs only)

Now Program Admins can view Shipping Address for the assigned swags in their specific Reward Details page, this reduces the complexity of asking the address on the Report Chat. Additonally Program Admins can enter Shipping Details, this can be a Tracking URL for swags or any instructions updating the reporter on the whereabouts of the swag assigned.

March 2023

1. Added Swag & Bounty Tags while viewing a single Program

Bounty Hunters can now get information about the rewards offered by a program on BugBase by looking at Swags and Bounty Tags

2. Embed Attachments in the Proof Of Concept section while Creating a Report

Now the POC Section supports inline markdown attachments upload for easier understanding of the Report

3. Updated Chat Message Box with Quick Actions (Only for Company Accounts)

4. Add Custom Quick Actions for Quicker Response (Only for Company Accounts)

Now Program managers can create custom quick actions for faster responses to the bug reporters

5. Role Based Access Control [RBAC] (Only for Enterprise Company Accounts)

Invite members to your organization and assign them roles with limited permissions to access the various BugBase Dashboards

February 2023

1. Bookmark/Save Programs

Hackers can now save time by bookmarking their frequently used programs. The bookmarked programs can be easily accessed in the "saved" tab of the Programs page, eliminating the need to search repeatedly.

Once a hacker submits a bug report, the program is automatically bookmarked for easy access in the future. This allows for quick and efficient follow-up on resolved bugs, and helps to keep track of all reported issues. The integration of bug reporting and program saving makes the process seamless and efficient, ensuring that hackers can focus on what they do best.

2. Changing Status for Bug Reports is now easy!

It is now even simpler to change a report's status with the new design update for changing the bug report status.

January 2023

1. New Hacker Email Alias

Hackers can now use a unique email alias to receive notifications from BugBase.

This alias can be used to create testing accounts and may be necessary for certain testing purposes.

This alias is automatically assigned in the form of [username]@teambugbase.com.

2. Reporting Lifecycle Change

We have made some changes to the reporting lifecycle.

Now all reports will be in one of the following states:

Open State

• Draft [Awaiting Submission - Editable State]

• New [Report Submitted]

• Triaged [Report Assigned to a Program Representative]

Closed State

• Resolved [Report Resolved by the Program]

• Duplicate [Report Marked as Duplicate]

• Invalid [Report Marked as Invalid]

• Informational [Report Marked as Informational]

3. New Hacktivity Reputation Table

Researchers can now track all their reputation history in the Hacktivity Reputation Table located in their profile page.

This can be found in the profile page of a security researchers https://bugbase.in/profile/[username].

4. Integration with SumoLogic

Now Enterprise Customers can log events from BugBase onto their SumoLogic Collectors seamlessly with one click!

December 2022

1. Fresh Look for your Hacker Profile!

We have revamped the hacker profile page with a clean and modern look.

Visit your profile page at https://bugbase.in/profile/[username]

• Now you can see your top-ranked competitions!

• Your success rate and total bounty earned is now visible on your profile.

• Added few more Report statistics like closed reports, total reports and ongoing reports.

• Hall of Fame mentions are now visible on your profile.

• Badges earned are now visible on your profile.

• Social media links can now be added to your profile!

2. Draft Reports & Number of Reports

Hackers can now save their reports as drafts. This will help hackers to save their reports as drafts and continue working on it later.

Additionally hackers can now see the number of reports under each status.

Reports can be saved as drafts by clicking on the Save as Draft button while submitting a report.

3. Hacker Reporting Flow Updations

We have made some changes to the reporting flow for hackers.

3.1. Vulnerability Endpoint

We have added a new section Vulnerability Endpoint to the reporting flow. This section will help hackers to pin-point the endpoint where the vulnerability was found.

3.2. Report Summary

We have added a new section Report Summary to the reporting flow. This section will help hackers to provide a brief summary of the report.

3.3. Report Vulnerability Impact

We have added a new section Report Vulnerability Impact to the reporting flow. This section will help hackers to provide a brief summary of the impact of the vulnerability.

3.3. Syntax Highlighting in Markdown

We have added syntax highlighting in the markdown editor. This will help hackers to write better reports with proper syntax highlighting.

4. Assign Reports to your Team & Track Reports Seamlessly

Companies can now assign reports to their team members. This will help companies to assign reports to their team members and keep track of the reports.

5. Collaboration in Reports

Hackers can invite other hackers to collaborate on their reports. This is only allowed if the program allows collaboration. This will help hackers to collaborate with other hackers on their reports and give more insights on the report.

November 2022

1. Introducing 3 New Tiers for companies

BugBase now has 3 Tiers for companies curated to fit your needs. You can now choose between the Free, Pro and Enterprise tiers.

• Free - Companies can host unlimted Vulnerability Disclosure Programs (VDPs) free of cost and receive real-time notifications for new vulnerabilities.

• Professional - Has everything that the Free tier has, plus the ability to host upto 2 Managed Bug Bounty or Private Bug Bounty programs. This tier also includes Integrations that directly connect BugBase with your existing tools like Webhooks, JIRA, Slack, MS Teams and more.

• Enterprise - Has everything that the Professional tier has, plus the ability to host upto 4 Managed Bug Bounty or Private Bug Bounty programs. This tier also includes Managed Rapid Triage, a dedicated Security Analyst, Priority Support and much more!

To view the full list of features, visit our Pricing Page.

2. The all new VDP Program

Companies can now host their own Vulnerability Disclosure Programs (VDPs) on BugBase. VDPs are a great way to receive real-time notifications for new vulnerabilities and also to build a strong relationship with the security community.

To start with creating a program, join BugBase by clicking here.

October 2022

1. Secondary Notification Email

Now companies can configure an alternate email address to receive notifications.

This is useful for receiving notifications on a group email address or a specific team email rather than a personal email address.

• All notifications will be sent to the primary email address by default.

• If you want to receive notifications on the secondary email address, you can enable it in the settings page.

September 2022

1. All new Insights Dashboard

Now companies can efficiently analyse all the important statistic on the dasboard itself.

• Check the number of resolved and unresolved reports

• Insights of latest critical reports

• Report trends with respect to the severity of the report.

• Quickly get a glimpse of the risk factor, total vulnerabilities and issues.

2. Add assets across programs:

Companies can now add all domains and subdomains as "assets" on BugBase and monitor bugs and vulnerabilities on specific assets. These assets can be used to create programs. Assets can be seamlessly managed on the asset dashboard.

3. Risk level analysis

Companies can now have a quick glance of the total risk factor, this is done by all analysing the severity of all the bugs/vulnerabilities that have been reported.

August 2022

1. New workflow integrations to our integrations suite.

• Asana Integration: Now companies can seamlessly harness the power of Asana and transfer a bug report as a task, directly onto their Asana Project. A default section needs to be selected in the configuration, the bug report will automatically get created in the chosen default section. Read this guide to learn more about the Asana integration.

• GitHub Integration: Now, a bug report can now be directly transferred to any selected GitHub repository. A new issue will be created in the selected repository to help companies efficiently track the reports. Read this guide to learn more about the GitHub integration.

We now support integrations with:

1. Jira

2. GitHub

3. Asana

4. Slack

5. Microsoft Teams

6. Webhooks

2. Introducing Light Theme on BugBase

The entire platform is now available in dark and light themes.

3. Revamped UI for onboarding a New Program

The new UI provides a seamless interface for creating a new program. Added a new and intuitive timeline based onboarding

4. Added support for zip and mp4 files:

• Hackers can now submit Zip and Mp4 along with their bug reports

• Companies can upload zip and mp4 files as questions for the competitions

July 2022

1. Grouping of Assets / Scopes

Now you can group assets and scopes together and have a common bounty for each group.

2. New KYC System for Security Researchers

Now security researchers can verify their paymet via our KYC system.

This also gives them a KYC Verified tag which companies can use to pay bounties

Researchers can save their details and Request for KYC Verification