Bugcrowd is excited to announce our October & November 2015 Hall of Fame winners! To thank our top performers for their hard work, Bugcrowd is pleased to announce that six researchers will receive bonuses for their performance.
Mico topped the October leaderboard with 591 points – the most points ever earned by a Crowd member in a single month! Mico had 42 vulnerabilities validated with over half receiving high priority scores to achieve this position.
In second place is a researcher with 410 points earned over a dozen high-severity vulnerabilities across a combination of public and private programs, all with excellent technical documentation. Third place goes to a researcher that worked almost exclusively on kudos-only disclosure programs and netted 321 points, with 10 critical or severe vulnerability submissions (as well as another dozen valid P3 and P4 findings).
1. Mico – 591 points – $2,500 bonus
2. private – 410 points – $1,500 bonus
3. private – 321 points – $1,000 bonus
First place is won by Nahamsec, a Crowd member that reported 7 P1 vulnerabilities (and another 18 P2-P4’s!) to a Flex bounty program that closed in November. Those submissions went a long way towards his 460 points earned last month. Leaderboard regular Mico is back on the Top 3 list for the third time with 341 points, tying him with Harie_cool for Top 3 Leaderboard appearances in 2015. Rounding out the November Top 3 and close on Mico’s heels is a recent addition to the Crowd, bbuerhaus with a solid 333 points.
1. Nahamsec – 460 points – $2,500 bonus
2. Mico – 341 points – $1,500 bonus
3. bbuerhaus – 333 points – $1,000 bonus
Think you have what it takes to come out on top?
High severity bugs that result in critical security impact like remote code execution or elevation of privilege earn the most kudos points – check out our blog for a points and priority break down and read more discussion about why an IDOR can be anywhere from a P1 to a P3 on the Bugcrowd Forum. Submitting high severity bugs not only gets you bigger rewards, it can also help you get invited to private bounty programs faster – check out A Look At Private Program Invites to learn more about how to get chosen for private programs.
Thanks again to all of the Bugcrowd researchers for all of their hard work in October and November. We look forward to the December Hall of Fame results!