We just released the next major update for Federacy: 1.8!
This release includes Assessments, 2FA, and a number of quality-of-life improvements.
We've been asked many times for a pentest or security review before launching a bug bounty program, or when a customer launches new products or features. Assessments seek to answer this need.
Assessments involve several hand-picked researchers following the OWASP Application Security Verification Standard (ASVS) Level 1, which encompasses 231 separate tests. We collate their results and report them to you with remediation advice, then validate the fixes to provide a clean bill of health.
Info tab and optional awards
We've been working to make our vulnerability disclosure programs more informative and versatile, so we've added an optional Info tab, where companies can provide more context for their bug bounty programs. This section supports markdown, similar to our VDP tab.
We've also made the Awards tab optional for vulnerability disclosure programs that have opted out of offering bug bounties and added a Report tab for Assessment programs.
Because account security is very important to us, we've added multi-factor authentication, using the time-based one-time password (TOTP) algorithm.
Additional closed statuses
We've split the closed status into three separate states. Resolved is equivalent to our previous closed state, rejected is for reports that are out-of-scope or invalid, and informative is for reports that are helpful, but don't result in security improvements.
Report comment box
Due to one of the more confusing aspects of our design, we've had numerous users accidentally comment to their team instead of the intended researcher about their report. To resolve this UX issue, we've changed the default action to researcher-focused communication and visually distinguished the different comment types.