Blog Security Our top tips for better bug bounty reports, plus a hacker contest!
September 28, 2020
1 min read

Our top tips for better bug bounty reports, plus a hacker contest!

Our AppSec team breaks down what makes a great bug bounty report. That advice comes just in time, as we're having another bug bounty contest.


We recently wrote an article with tips on how to build and run a successful bug bounty program in the hopes that the processes and practices we’ve built would help other organizations go from zero to sixty as quickly as possible.

But, the truth is, a bug bounty program will be a non-starter if you can't attract talented security hackers to join you.

The reporters in our program bring an immense depth and breadth of expertise and research, represented in the unique and innovative findings they deliver and the thoughtful reports they submit.

🎉 For these reasons and more, we’re excited to announce that we’re once again holding a community hacking contest! See more details below and we look forward to your contributions! 🚀

But when we think about the reports that researchers submit to our program, questions come up. What makes a report stand out, makes it helpful, makes it...for lack of a better word...good? We asked two of our Application Security engineers, who work to triage, investigate and test within our bug bounty program, for their frank thoughts on bug bounty reports.

What makes for a better bug bounty report?

We want to hear from you

Enjoyed reading this blog post or have questions or feedback? Share your thoughts by creating a new topic in the GitLab community forum. Share your feedback

Ready to get started?

See what your team could do with a unified DevSecOps Platform.

Get free trial

New to GitLab and not sure where to start?

Get started guide

Learn about what GitLab can do for your team

Talk to an expert