Platform updates & release notes
Stay informed about the latest features, improvements, and bug fixes on the buck4bug platform.
Features
- Security researchers can now submit invoices directly from approved bug bounty and pentest submissions through a guided multi-step flow — form, preview, and confirmation — closing the gap between reward approval and payment.
- Generated invoice PDFs include supplier and customer details, VAT calculations, and payment instructions, available for download from the issued invoices view via a secure link.
- Companies can approve informational bug bounty findings with zero reward, allowing valid security insights to be acknowledged and closed without triggering a payment workflow.
Improvements
- Submissions now track an "Invoice Submitted" status while payment is processed, giving both researchers and administrators clear visibility into where each reward stands.
- Chat with platform administrators stays open throughout the invoicing process, and an admin channel is automatically created when a researcher submits an invoice — so payment coordination doesn't require starting a new conversation.
- Accounting reviewers get a dedicated permission group with full audit logging, and researchers can resubmit corrected invoices after a cooldown period to reduce duplicate submissions to the finance team.
Features
- New 4-step onboarding wizard guides security researchers through expertise and skills, invoicing details, social profiles, and program interests before they participate in programs.
- Optional two-factor authentication (2FA) with TOTP and recovery codes is available for both security researchers and companies, adding an extra layer of account protection.
- Dedicated Skills and Certificates tabs in profile settings provide structured ways to showcase expertise and upload credentials for vetting.
Improvements
- Onboarding collects invoicing prerequisites early — bank details, tax information, and SWIFT/IBAN validation with full country coverage — so researchers are payment-ready when rewards are approved.
- Sensitive personal information, including legal names, is now encrypted at rest to better protect researcher identity data.
- Pentest report uploads are required during onboarding, helping platform administrators assess researcher experience before granting program access.
Features
- Complete dashboard redesign for security researchers and companies — new stat cards, program filtering, and streamlined navigation make it easier to track active programs and submissions at a glance.
- Chat now supports file attachments (screenshots, logs, videos up to 10 MB), so parties can share evidence and context directly within conversations with platform administrators.
- Granular email notification preferences let security researchers and companies choose which platform events trigger emails, reducing noise while staying informed on what matters.
Improvements
- Profile and settings pages redesigned with tabbed layouts — General, Notifications, Security, and more — providing a consistent, modern experience across both user types.
- Platform administrators get a dedicated chat console grouped by program, with unread counts and channel type indicators for faster triage of company and researcher conversations.
- Security boundaries strengthened — unapproved researchers are blocked from program data and chat, and scope agreement must be accepted before chat access is granted.
Features
- Companies and security researchers can now communicate directly with platform administrators through a built-in real-time chat, enabling faster coordination and streamlined program management.
- Automatic unread message notifications keep all parties informed, with email reminders for messages that haven't been seen.
Improvements
- Redesigned email notifications for key platform events including submission updates, pentest reports, bug bounty status changes, and account approvals.
- Refreshed detail pages for bug bounty and penetration test programs with improved layout and navigation for both companies and security researchers.
- Platform infrastructure upgrades to support real-time communication and improved scalability.
Features
- Platform users can now manage their preferences for platform notifications.
Improvements
- Other usability improvements.
Improvements
- The buck4bug.com website has been redesigned and redeployed with a modern design, improved navigation, and enhanced user experience.
Improvements
- Improved email communication with updated user information and login links.
- Streamlined login experience with enhanced template navigation.
- Platform infrastructure updates to support improved performance and scalability.
Bug fixes
- Security-related improvements and fixes.
Improvements
- Enhanced user onboarding experience with refined welcome flow.
- Improved email delivery system for bug bounty program notifications.
Bug fixes
- Fixed bug bounty program notification delivery issues.
Improvements
- All platform email communications now feature unified Buck4Bug branding for a more consistent user experience.
- Enhanced administrative tools for improved file management capabilities.
Bug fixes
- General platform stability improvements.
Features
- Security researchers can now submit bug bounty reports through an online form instead of uploading PDF documents.
- Security researchers who are unable to issue invoices for their findings will no longer have access to view bug bounty programs.
Improvements
- After creating their profile, all security researchers are required to complete the updated approval process.
Bug fixes
- Security related bug fixes.
Features
- Companies can now add minimum and maximum values per reward.
- Companies can now edit their bug bounty program after approval.
Improvements
- Companies can now use the new bug bounty wizard with an improved UX design.
Features
- Companies can now fill in penetration test requests from buck4bug.com website.
- Security researchers can now submit both Draft and Final reports for penetration tests, providing a clear distinction between the two stages on the platform. Companies can also view these new report statuses within the platform.
Improvements
- Companies can now submit penetration test requests more easily and with a better user experience.
Features
- Companies can now manually close active bug bounty programs.
Improvements
- Phone number is optional both for the security researcher and company profiles.
Bug fixes
- Security researchers receive email notification after the report submission.
Features
- Companies can now set a total budget for their bug bounty programs.
- Companies can now set start and end dates for their bug bounty programs.
- Companies can now view a list of all approved reports for their program.
- Security researchers can now view a list of all uploaded reports for the programs they participate in.
Improvements
- Updated UX design forms both for bug bounty and penetration test programs were introduced.