
Vulnerability center

One central hub for managing every report you receive


Get a comprehensive view of all reports

The vulnerability center simplifies report management by centralizing all your reports in one place, whether they come from Bug Bounty Programs, VDP, Attack Surface Management or Pentest campaigns.

The reports are all structured in the same fashion to ensure consistency across the board.


Reports overview

The first banner of the page gives an overview of key metrics for your vulnerability management:

  • The “New reports” card displays the number of “New”, “Under review” and “Need more info” reports, which are listed in detail in the table below. These reports typically require attention and processing from your team.

  • The “Overdue reports” card counts reports that have been accepted but not yet resolved, and whose resolution date, as specified in the Service Level Agreement (SLA), has passed.

ℹ️ Read more about SLAs and how to configure them during the program creation phase here.

  • The “Reports waiting for fix” card counts accepted reports that have not yet been marked as fixed.

ℹ️ Learn more about the different steps of a vulnerability report workflow here.

  • Finally, a banner showcases the number of accepted reports grouped by severity. Click on any of these cards to get a filtered view of the detailed table below.

ℹ️ The report counts on the right-hand side take accepted reports only into account.
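The overview cards above are simple counts over the report list. The following added example (not code from the product or its documentation) recomputes those four metrics from a report export, for instance to reconcile a dashboard snapshot with an exported file or to check SLA breaches in a script. The field names status, severity, sla_due_date and fixed, and the sample records, are assumptions made for this example, not the product's actual export schema; a report is treated as accepted only while its status is "Accepted", so resolved reports are not counted.

```python
import json
from datetime import date

# Constructed sample shaped like a JSON export. Field names are assumptions
# for this example, not the product's real export schema.
SAMPLE_EXPORT_JSON = json.dumps([
    {"id": 1, "status": "New",            "severity": "High",     "sla_due_date": None,         "fixed": False},
    {"id": 2, "status": "Under review",   "severity": "Medium",   "sla_due_date": None,         "fixed": False},
    {"id": 3, "status": "Need more info", "severity": "Low",      "sla_due_date": None,         "fixed": False},
    {"id": 4, "status": "Accepted",       "severity": "Critical", "sla_due_date": "2024-01-10", "fixed": False},
    {"id": 5, "status": "Accepted",       "severity": "High",     "sla_due_date": "2024-03-01", "fixed": False},
    {"id": 6, "status": "Accepted",       "severity": "High",     "sla_due_date": None,         "fixed": True},
    {"id": 7, "status": "Resolved",       "severity": "Critical", "sla_due_date": "2024-01-05", "fixed": True},
    {"id": 8, "status": "Duplicate",      "severity": "Medium",   "sla_due_date": None,         "fixed": False},
])

# Statuses that the "New reports" card groups together.
NEW_STATUSES = {"New", "Under review", "Need more info"}


def parse_export(text):
    """Parse a JSON export into a list of report dicts."""
    reports = json.loads(text)
    if not isinstance(reports, list):
        raise ValueError("export must be a JSON array of reports")
    return reports


def is_accepted(report):
    # Assumption: only status "Accepted" counts as accepted; a "Resolved"
    # report has left that stage and no longer contributes to these cards.
    return report["status"] == "Accepted"


def is_overdue(report, today):
    """Accepted, not resolved, and the SLA resolution date has passed."""
    due = report.get("sla_due_date")
    if not is_accepted(report) or not due:
        return False  # no SLA configured for this report's program
    return date.fromisoformat(due) < today


def overview(reports, today):
    """Recompute the four overview cards from a list of report dicts."""
    new = sum(1 for r in reports if r["status"] in NEW_STATUSES)
    overdue = sum(1 for r in reports if is_overdue(r, today))
    waiting_for_fix = sum(1 for r in reports if is_accepted(r) and not r["fixed"])
    by_severity = {}
    for r in reports:
        if is_accepted(r):
            by_severity[r["severity"]] = by_severity.get(r["severity"], 0) + 1
    return {
        "new": new,
        "overdue": overdue,
        "waiting_for_fix": waiting_for_fix,
        "accepted_by_severity": by_severity,
    }


def overdue_ids(reports, today):
    """Report ids to chase first: accepted reports past their SLA due date."""
    return sorted(r["id"] for r in reports if is_overdue(r, today))


if __name__ == "__main__":
    reports = parse_export(SAMPLE_EXPORT_JSON)
    print(overview(reports, date(2024, 2, 1)))
    print("overdue:", overdue_ids(reports, date(2024, 2, 1)))
```

Swap SAMPLE_EXPORT_JSON for the contents of a real JSON export and date.today() for the fixed date to run it against live data; reports whose program has no SLA have no due date and are never reported as overdue.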


Search & filters

The list of all your reports can be filtered in detail to give a specific view. These filters include:

  • Baseline filters: period, Business Units & programs, status, severity, fix verification, priority and assignment

  • Advanced filters (under “+ Add filter”): assessment, asset values, imported, marked as, rewards, scopes, SLA, source, tags, tracking status

To add filters for more specific queries:

  • Click on “Add filter”

  • Select a filter in the list

  • To remove all filters, click on “Reset”


Structure of the reports list

The table of vulnerability reports displays key information at a glance to help you manage them:

  • The “Report title” is built from the report's metadata to ensure readability and consistency across all your reports.

  • The “Program/Author” column shows the program the report belongs to and its author, the Hunter or Pentester who submitted it.

  • The “Assignee” column enables you to see who is assigned to the report. Only one person can be assigned at a time.

  • The “SLA” (Service Level Agreement) column shows an icon for reports from programs on which an SLA has been configured. Hover over the icon to display the due date; the icon changes color if the report is overdue.

  • The “Reward” column shows, once validated, the reward paid for this report.

  • The “Priority” column is calculated automatically by considering the vulnerability's CVSS score, its exploitability and the affected asset's value.

  • The “CVSS” column shows the CVSS score of the vulnerability, which reflects its severity.

  • Each report has a “Status” indicating its current stage in the workflow (e.g., New, Under Review, Need More Info, Accepted, Duplicate, Resolved, etc.).

Icons glossary

-- Unread comment on the report

-- Assessment done by the triage team

-- Type of program concerned by this vulnerability (BB = Bug Bounty, PT = Pentest, VDP= Vulnerability Disclosure Policy, AS = Attack Surface)

-- Reward amount accepted (in the Reward column)

-- SLA deadline not met, the report processing is overdue

-- SLA set up for this program but not yet overdue

-- Pending fix verification

-- Fix confirmed

-- Fix rejected

ℹ️ Learn more about the details contained in Vulnerability Reports in this dedicated article.


Export

The data displayed in the vulnerability center can be exported in CSV, XLS, JSON and PDF.

  • Click on “Export”

  • Select the “Format/type”

  • Select the “Program”

  • Choose whether to apply the current “Filters” to the export

  • Click on “Export”

  • Follow the export's progress in the “Exports history” window. You’ll be notified by email when the export is done and can be downloaded

💡Tips

To return to the “Exports history” window, click on “Export” and then click on “Exports history”. Then, you can see the exports history of a given program and retrieve previously generated exports (up to 7 days).

  • Export an “executive report” to communicate all Bug Bounty metrics of your program(s) within your organisation. The appendix also includes report details.
