Report Components

Reports are an essential part of a bug bounty program as they provide program managers with detailed information about a vulnerability, allowing them to understand the scope and impact of the issue, and take appropriate action to address it.

Report Data

Reports typically consist of different components that provide a holistic view of the vulnerability, including:

• Report Summary: A brief overview of the vulnerability or issue reported, including a summary of the potential impact and severity of the issue.

• Vulnerability Impact: An assessment of the potential impact of the vulnerability on the affected system or application, including the potential risks or consequences.

• Description: A detailed explanation of the vulnerability or issue, including technical details of how it can be exploited, and the affected systems or applications.

• Proof of Concept: A demonstration of how the vulnerability can be exploited, such as proof-of-concept code or a video.

Metadata Panel

The Metadata Panel is a feature located on the right side of the report in that provides program managers with detailed information about the report and the reporter. The information included in the Metadata Panel is essential for program managers to understand the scope and impact of the vulnerability and to take appropriate action to address it.

Some of the key information included in the Metadata Panel are:

• Report ID: A unique identifier for the report, which can be used to refer to the report in future communications.

• Report Title: A brief title that summarises the vulnerability or issue reported.

• Vulnerability Category: The category of the vulnerability, such as Cross-Site Scripting (XSS) or SQL Injection.

• Priority: The priority assigned to the vulnerability, which indicates the urgency of addressing the issue.

• Vulnerable Endpoint: The specific location or endpoint where the vulnerability occurs, such as a specific URL or API endpoint. [This is an optional field]

• Report Status: The current status of the report, such as New, Triaged, Resolved, or Closed.

• Report Assignee: The individual or team responsible for evaluating and addressing the vulnerability.

• Reporter: Information about the reporter, such as their username and KYC (Know Your Customer) status.

Conversation Timeline

The Report Timeline is a feature that provides a chronological view of all the activity that occurs in a report between the program managers and the hackers involved. It allows program managers to track the progress of the report and stay informed of any updates or changes.

The Report Timeline shows the following activities:

• Comments: When program managers or researchers add a comment to the report.

• State Changes: When the state of the report changes, such as from "New" to "Triaged" or "Resolved".

• Assignments: When the report is assigned to a program manager or team member.

• Reward Updates: When a reward is assigned for a given report.

• Severity Changes: When the severity of the report changes, such as from "P3" to "P1".

The Report Timeline provides program managers with a clear view of all the activity that has occurred on the report and helps them to understand the progress of the report, as well as any changes that have been made.