Just like talented employees need feedback to help them grow and improve while working at their company, we know that Researchers need ways to understand how they’re doing on our platform!
However, quantifying and measuring performance metrics is easier said than done. We take a holistic approach when determining a researcher’s platform rank. At Bugcrowd, we feel that all submissions are good submissions; they all contribute to your long-term goals and success in the Cybersecurity space!
This blog breaks down the essentials of Researcher Performance Metrics so you can get to earning new program invites and moving up on our leaderboards!
FAQs on Researcher Performance:
What are Kudos/Points?
Kudos are a way to measure impact and success on the Bugcrowd platform. These points are awarded to researchers based on the Priority level of their submissions.
See our “Getting Rewarded” documentation for more information.
What is a Duplicate?
A submission that is valid, but has already been submitted by another researcher/Bugcrowd user or is a known issue. Points are rewarded to a duplicated submission when the original bug is accepted by the program owners. The research work is still appreciated even if it wasn’t first to arrive.
See our “Getting Rewarded: Earning Points for Duplicate Bugs” documentation for more information.
What defines a Valid or Invalid submission?
Valid submissions are defined by being in a Resolved, Unresolved, or Won’t Fix endstate. Invalid Submissions are defined by being in an Out of Scope or Not Reproducible endstate.
See our Assigning Submission Statuses documentation for more information.
What is Accuracy?
Accuracy is calculated by dividing your total number of valid vulnerabilities submitted over your total number of invalid and valid submissions. Please note: submissions that are Not Applicable are not used to calculate Accuracy
Our Formula: % Accuracy = [(Valid Submissions)/(Valid Submissions + Invalid Submissions)] * 100
See our documentation on “Performance Stats: Accuracy” for more information.
How are Priority Percentiles calculated?
Percentiles are determined by the count of valid, non-duplicate submissions in comparison to the rest of the crowd.
Percentiles are based on non-duplicate valid submissions: Won’t Fix, Unresolved, and Resolved. Each percentile is a comparison of a researcher’s submission volume to all other researchers over a specific period of time; the higher the percentile, the more submissions the researcher has for that priority level compared to others.
See our “Performance Stats: Priority Percentile” documentation for more information.
How is Rank calculated?
Your rank is determined based on the total number of points you have earned for valid submissions compared to other researchers. The more points you have, the higher your rank!
See our “Researcher Dashboard” documentation for more information.
How do I earn Private Crowd invites?
To qualify for private program invites, you’ll need to have:
- Four submissions submitted to the Bugcrowd platform all-time
- One accepted P1-P3 submission to the Bugcrowd platform all-time (non-duplicate unresolved or resolved)
- Greater than 50% accuracy in the last 90-days
- One valid P1–P3 in the last 90 days
How does this impact me as a researcher?
Each of these definitions and statistics play into where you fall in the crowd. You can use these metrics to compare your profile across the entire crowd to understand where you fall. The more submissions you have, the more points you earn. The more points you have, the higher your profile is ranked! This all counts towards additional invitations, incentive programs, and our leaderboard!
However, points aren’t everything! Our Researcher Success team constantly reviews programs to find well-written submissions and professional interactions with customers. Researchers that have strong reports and who work hard to build relationships with Program Owners may find a few extra invites in their inbox…
If you have any questions, please reach out to email@example.com. We are always happy to help!