Triager Guide

Learn how to effectively triage and manage vulnerability reports on Bugbop.

Getting Started as a Triager

Welcome to Bugbop! As a triager, you play a crucial role in evaluating, prioritizing, and responding to vulnerability reports. This guide will help you get started with your responsibilities.

Step 1: Understanding Your Dashboard

Your dashboard provides an overview of all reports assigned to you:

  • New Reports: Recently submitted, awaiting triage
  • In Progress: Reports you're currently working on
  • Needs More Info: Waiting for additional details from researchers
  • Pending Fix: Validated reports awaiting resolution
  • Resolved: Reports that have been fixed and closed

Step 2: Triaging Reports

When a new report comes in:

  1. Review the report details, including steps to reproduce
  2. Verify the report is in scope for your program
  3. Attempt to reproduce the issue using the provided instructions
  4. Assess severity based on your program's guidelines
  5. Check for duplicates against existing reports

Step 4: Communicating with Researchers

Clear communication is essential:

  • Use the "Add Comment" feature to ask questions or provide updates
  • Be specific about what additional information you need
  • Provide regular status updates, especially for complex issues
  • Maintain a professional tone, even for invalid reports

Step 5: Changing Report Status

Update the report status as you process it:

  • Needs More Info: When you require additional details
  • Duplicate: When the issue has been previously reported
  • Not Applicable: For out-of-scope reports or non-issues
  • Triaged: When validated and ready for fixing
  • Resolved: When the issue has been fixed

Step 6: Internal Collaboration

Work effectively with your development team:

  • Use the "Internal Notes" feature for team-only communication
  • Assign reports to specific team members when needed
  • Link reports to your issue tracking system
  • Document remediation steps for future reference

Step 7: Recommending Bounties

If your program offers monetary rewards:

  1. Review your program's bounty structure
  2. Consider the report's quality, severity, and impact
  3. Make a bounty recommendation in the "Reward" section
  4. Wait for program admin approval before finalizing

Next Steps

As you gain experience:

  • Learn common vulnerability patterns to speed up verification
  • Develop templates for standard responses
  • Build relationships with regular contributors
  • Review closed reports to improve your triaging skills
  • Share knowledge with your team to improve overall security