Cash Rewards + Hall of Fame
The “Hall of Fame” is a widely recognized way to highlight the contributions and efforts of testers in the bug bounty community. In some cases, businesses do not offer cash rewards, rather they only mention security testers in their respective Hall of Fame. At Cobalt, we believe that quality reward programs need both cash rewards and a hall of fame mention. The cash reward gives a tester motivation to take time to look deep into the application, while a hall of fame adds a competition element as well as the personal recognition that skilled testers deserve.
Cobalt Researcher Rankings
On the Cobalt platform, all vulnerability report feedback is given directly to researchers by the businesses hosting bug bounty programs. Business feedback plays an important role in determining a security researcher’s overall Rep score. Below are the current scores given based on vulnerability.
In addition to scoring vulnerability feedback, the businesses also give feedback on the quality of vulnerability reports (on a 1 to 5 scale). Overall, a high report quality can increase a tester’s Rep score up to 50%.
Duplicates, Rejections, and Out of Scope
Duplicate vulnerabilities are a regular discussion topic in the security research community. Here is how we handle common vulnerabilities in the Cobalt Hall of Fame:
Duplicate vulnerabilities are given a positive score to recognize the value of their work despite the issue being found by another tester.
Rejected vulnerabilities are given a neutral score.
Vulnerabilities assessed as “Out of Scope” negatively impact a tester’s score. Because these various vulnerability ratings can potentially negatively impact scores, it is important that testers understand the detail and scope of the bounty programs in which they participate.
Congratulations to the testers who are currently listed on the Hall of Fame — we look forward to seeing who will join these researchers in the future. Best of luck!