New Researcher Metrics and Qualification for Private Program Invites

Today we are excited to announce the release of a new metric to help researchers demonstrate their bug hunting impact more effectively on the Bugcrowd platform – Priority Percentiles! This new form of measurement shows researchers how they compare across our platform against other researchers based on valid submissions across all programs. The first release of Priority Percentiles will show all-time percentiles for P1 – P5 priority levels.

Priority Percentiles will replace the Average Severity metric for researchers on our platform.

Why are we replacing Average Severity?

Bugcrowd continues to diversify product offerings for customers, with it providing our community access to more engagements like Next Generation Pen Testing (NGPT), which require researchers to report on all priority levels of bugs. We have become aware through researcher feedback that a new and more holistic metric was needed to enable researchers to display their bug hunting abilities.

For a researcher to maintain a high Average Severity, they typically avoided submitting anything that wasn’t a higher priority bug. This created an issue where people would leave bugs unreported in the interest of keeping a higher rating. This is neither ideal for the Crowd (leaving money on the table) or for the organizations running the programs (issues not being reported due to concerns around priority).

With the removal of Average Severity and the implementation of Priority Percentiles, we will enable researchers to display their bug hunting abilities in a more holistic way to both customers and Bugcrowd. With our new visual Priority Percentiles, researchers will be able to compare how they rank for each priority level (P1 – P5) compared to all researchers on the Bugcrowd platform and across all programs.

What does Priority Percentiles change?

We’re also excited to announce that the qualifications for researchers receiving private program invites have been simplified! The new requirements are:

  • Four submissions submitted to the Bugcrowd platform all-time
  • Greater than 50% accuracy in the last 90-days
  • One valid P1 – P3 in the last 90 days

Average Severity has been removed from the qualifications for private program invites. As such, Average Severity will be removed from researcher profiles and be replaced with the Priority Percentiles metric. Additionally, customers will no longer see a researcher’s Average Severity for their bounty program(s). Instead, they’ll see the Priority Percentiles metric.

More to come!

Starting next year, we will roll out a 90-day version of Priority Percentiles to help researchers understand how they are performing in the short-term. Also, submissions using the Bugcrowd collaboration feature will be included in a researcher’s individual stats, and will count for Priority Percentiles metrics.

We are very excited to be taking this step forward to enable the Crowd to show the impact they have on our platform and across programs. We are also looking forward to continuing to provide more and different ways for researchers to be recognized for their hard work on the platform through 2020 – so much more to come!

If you have any questions, please reach out to We are always happy to help!