A quick update on our ranking point system.

Categories
New Features YesWeRHackers

We have recently been questioned on how our ranking point system works and how report quality is evaluated.

Our system has evolved quite a lot since inception, and some new report quality rating features have been added.

Triaging

The first step of a bug report life cycle is being ( hopefully ) accepted as valid by the program owner, otherwise it is classified as invalid and receives an additional qualification that eventually can lead to a negative rating, as illustrated below:

Note that a valid report can be triaged again as ” Informative ” or ” Won’t Fix ” after validation and before being accepted.

Accepted stage

Now that your shiny report has been accepted by the program owner, congratulations, you are now eligible for a reward.
But how are your ranking points calculated exactly?

a – Bounty

Depending on the bounty your report matches, you will be rewarded with ranking points:
– 15 POINTS for every bounty inferior to 500€
– 25 POINTS for every bounty from 500€, to 2000€
– 50 POINTS for every bounty superior to 2000€

b – Quality rating

The program owner can also reward the quality of your report and attribute 1 to 5 additional ranking points.

c – CVSS scoring bonus

Again, the program owner can give you 1 additional point if your report CVSS scoring falls right.

As summed-up in this chart:

You get 7 additional points for a resolved bug, a big thank you.

The big picture.

Finally we’ve stitched it all inside a single graph for your convenience.
Is our ranking system clearer?

You can refer to our leader-board to discover the hunters top 100