The leaderboard and kudos: Evolving for the good of the Crowd and our customers



Bugcrowd takes its founding role in the crowdsourced security market very seriously. We believe that it’s our responsibility to keep on top of the needs of our customers and the Crowd. As a team, we’re borderline obsessive about taking and incorporating feedback – iterating and improving to ensure success for both parties in this incredibly powerful model.

Re: Kudos and reputation: You spoke, and we’re listening!

We kicked off a stream of work several months ago, and in August we made initial changes to the Bugcrowd leaderboard to reflect the diversity of bug hunter approaches we observe when it comes to choosing and working on programs. In particular, we heard your concern that programs which offer Kudos points were diluting the importance of incentivizing vulnerability research with cash. The first step we took was to launch two new leaderboards to display P1 & P2 submissions on paid programs and kudos-only programs, effectively splitting out paid and non-paid reputation.

Today, we take this one step further as we continue to evolve our reputation systems. We have removed the points-based leaderboard. We believe this will encourage bug hunters to continue improving their skills, and will encourage our customers to incentivize them more aggressively. In addition to the leaderboard for overall P1 & P2 submissions on paid programs, we have added one for overall P1-P4 submissions on paid programs.

On the other side of this coin, Bugcrowd firmly believes in researchers being able to use Bugcrowd statistics and activity to help them continue to gain access to more and more exclusive programs. We also believe that every single company or entity on the planet should have a Vulnerability Disclosure program, for the health of the internet as a whole. To this end, we will be keeping individual “Thanks” pages on each program. We will also be working to architect new ways for researchers to showcase their work over the next few months. Stay tuned!

FAQ

Q: How does this impact Private Program invitations?

A: Overall points have never been a metric that affects program invites, so little will change.

Q: What happens to Kudos points?

A: For the time being, points will still be awarded and be visible in programs and researcher profiles. We are continuing to work on new and better ways to utilize this information to benefit researchers.

Q: What happens to the monthly bonuses paid out based on leaderboard standings?

A: We will continue to pay monthly bonuses based on the top 3 spots for each new leaderboard. Each leaderboard will have $6000 for each monthly bonus allotment. Each leaderboard will pay $3000 for first place, $2000 for second place, and $1000 for third place.
