Platform updates & release notes

Stay informed about the latest features, improvements, and bug fixes on the buck4bug platform.

Features
  • Security researchers can now submit invoices directly from approved bug bounty and pentest submissions through a guided multi-step flow — form, preview, and confirmation — closing the gap between reward approval and payment.
  • Generated invoice PDFs include supplier and customer details, VAT calculations, and payment instructions, available for download from the issued invoices view via a secure link.
  • Companies can approve informational bug bounty findings with zero reward, allowing valid security insights to be acknowledged and closed without triggering a payment workflow.
Improvements
  • Submissions now track an "Invoice Submitted" status while payment is processed, giving both researchers and administrators clear visibility into where each reward stands.
  • Chat with platform administrators stays open throughout the invoicing process, and an admin channel is automatically created when a researcher submits an invoice — so payment coordination doesn't require starting a new conversation.
  • Accounting reviewers get a dedicated permission group with full audit logging, and researchers can resubmit corrected invoices after a cooldown period to reduce duplicate submissions to the finance team.
Features
  • New 4-step onboarding wizard guides security researchers through expertise and skills, invoicing details, social profiles, and program interests before they participate in programs.
  • Optional two-factor authentication (2FA) with TOTP and recovery codes is available for both security researchers and companies, adding an extra layer of account protection.
  • Dedicated Skills and Certificates tabs in profile settings provide structured ways to showcase expertise and upload credentials for vetting.
Improvements
  • Onboarding collects invoicing prerequisites early — bank details, tax information, and SWIFT/IBAN validation with full country coverage — so researchers are payment-ready when rewards are approved.
  • Sensitive personal information, including legal names, is now encrypted at rest to better protect researcher identity data.
  • Pentest report uploads are required during onboarding, helping platform administrators assess researcher experience before granting program access.
Features
  • Complete dashboard redesign for security researchers and companies — new stat cards, program filtering, and streamlined navigation make it easier to track active programs and submissions at a glance.
  • Chat now supports file attachments (screenshots, logs, videos up to 10 MB), so parties can share evidence and context directly within conversations with platform administrators.
  • Granular email notification preferences let security researchers and companies choose which platform events trigger emails, reducing noise while staying informed on what matters.
Improvements
  • Profile and settings pages redesigned with tabbed layouts — General, Notifications, Security, and more — providing a consistent, modern experience across both user types.
  • Platform administrators get a dedicated chat console grouped by program, with unread counts and channel type indicators for faster triage of company and researcher conversations.
  • Security boundaries strengthened — unapproved researchers are blocked from program data and chat, and scope agreement must be accepted before chat access is granted.
Features
  • Companies and security researchers can now communicate directly with platform administrators through a built-in real-time chat, enabling faster coordination and streamlined program management.
  • Automatic unread message notifications keep all parties informed, with email reminders for messages that haven't been seen.
Improvements
  • Redesigned email notifications for key platform events including submission updates, pentest reports, bug bounty status changes, and account approvals.
  • Refreshed detail pages for bug bounty and penetration test programs with improved layout and navigation for both companies and security researchers.
  • Platform infrastructure upgrades to support real-time communication and improved scalability.
Features
  • Platform users can now manage their preferences for platform notifications.
Improvements
  • Other usability improvements.
Improvements
  • The buck4bug.com website has been redesigned and redeployed with a modern design, improved navigation, and enhanced user experience.
Improvements
  • Improved email communication with updated user information and login links.
  • Streamlined login experience with enhanced template navigation.
  • Platform infrastructure updates to support improved performance and scalability.
Bug fixes
  • Security-related improvements and fixes.
Improvements
  • Enhanced user onboarding experience with refined welcome flow.
  • Improved email delivery system for bug bounty program notifications.
Bug fixes
  • Fixed bug bounty program notification delivery issues.
Improvements
  • All platform email communications now feature unified Buck4Bug branding for a more consistent user experience.
  • Enhanced administrative tools for improved file management capabilities.
Bug fixes
  • General platform stability improvements.
Features
  • Security researchers can now submit bug bounty reports through an online form instead of uploading PDF documents.
  • Security researchers who are unable to issue invoices for their findings will no longer have access to view bug bounty programs.
Improvements
  • After creating their profile, all security researchers are required to complete the updated approval process.
Bug fixes
  • Security related bug fixes.
Features
  • Companies can now add minimum and maximum values per reward.
  • Companies can now edit their bug bounty program after approval.
Improvements
  • Companies can now use the new bug bounty wizard with an improved UX design.
Features
  • Companies can now fill in penetration test requests from buck4bug.com website.
  • Security researchers can now submit both Draft and Final reports for penetration tests, providing a clear distinction between the two stages on the platform. Companies can also view these new report statuses within the platform.
Improvements
  • Companies can now submit penetration test requests more easily and with a better user experience.
Features
  • Companies can now manually close active bug bounty programs.
Improvements
  • Phone number is optional both for the security researcher and company profiles.
Bug fixes
  • Security researchers receive email notification after the report submission.
Features
  • Companies can now set a total budget for their bug bounty programs.
  • Companies can now set start and end dates for their bug bounty programs.
  • Companies can now view a list of all approved reports for their program.
  • Security researchers can now view a list of all uploaded reports for the programs they participate in.
Improvements
  • Updated UX design forms both for bug bounty and penetration test programs were introduced.