Skip to content
Fortworx

Researcher Portal

Overview

Fortworx provides a dedicated portal for security researchers to track their vulnerability submissions, manage claims, and set up payouts. This guide covers the researcher experience from submission to reward.

Submitting Vulnerability Reports

Researchers can submit vulnerability reports to a workspace in two ways:

  1. Email — Send an email to the workspace’s published security email address.
  2. Web Form — Use the workspace’s public web form to submit a structured report.

Tracking Submissions

Once a report is submitted, researchers can track their submissions through the Submissions page. The submissions list shows:

  • Report subject
  • Company (workspace) name
  • Severity level
  • Current status
  • Date reported

Researchers can click on any submission to view its details, including correspondence history and claim status.

Claims

When a researcher submits a valid vulnerability report, they can raise a claim requesting credit or a reward. The claim lifecycle is:

  1. Not Claimed — The initial state after a report is submitted.
  2. Recognized — The system has recognized the researcher as the submitter.
  3. Raised — The researcher has raised a claim for credit or reward.
  4. Pending Review — The workspace team is reviewing the claim.
  5. Verified — The claim has been accepted.
  6. Rejected — The claim has been rejected.

Researchers can also abandon a claim or re-raise an abandoned claim. See Claims and Grants for full details.

Payout Setup

To receive bug bounty payments, researchers need to set up their payout account through Stripe Connect. This can be done from the researcher portal:

  1. Navigate to the payout settings in your researcher profile.
  2. Connect your Stripe account or set up a new one.
  3. Once connected, approved bug bounty grants will be paid out to your Stripe account.