Unlock the State of Pentesting 2023! Explore 3,100 pentests with expert insights on vulnerabilities, security challenges, & maximizing pentest value.

New Features: Quality Control and Response Rate/Time

Today, we’re adding two new tools to Cobalt that will improve communication and experience for testers and businesses: Quality Control and Response Rate/Time. In addition to making the reporting process more transparent for our users, these new features will make it easier for the best companies and testers to interact with one another.

Quality Control

For businesses that launch a bounty program, the initial influx of vulnerability reports can sometimes be overwhelming — with reports of varying quality being submitted by testers. To facilitate the report evaluation process, this feature will ensure that testers who have repeatedly demonstrated quality reports will have precedence in your inbox.

  • Reports submitted by testers are evaluated on a scale of 1 to 5, with 1 being the lowest quality report and 5 being the best.

  • The security tester’s average scores will determine that tester’s quality rating.

  • Security testers with a quality control rating lower than 3 will only be permitted to submit one report per day.

  • [Updated] Security testers with a quality control rating lower than 3 are not permitted to participate in programs with monetary rewards.

In the future, we will continue to improve the Quality Control, and make it easier for companies to respond to vulnerability reports that reward the best Cobalt security researchers.

Response Rate/Time

To further increase the focus on the importance of providing feedback in a timely manner, we are now displaying response rate and time on all the reward programs. Security researchers invest time and work into making the businesses hosting bounty programs more secure. We hope that this feature will make it easier for our researcher community to navigate the reward programs available through Cobalt.

  • Response rate is the percentage of reports where feedback has been provided.

  • Response time is the average time passed from submission of the report to the feedback was provided.

These measures will help security testers determine how long it may take to hear back from a company, and whether companies are timely in responding to reports.

Is there a specific feature that you would like to see added to Cobalt? We are constantly looking for ways to improve our tools for businesses and testers alike. Share your thoughts with us via email or Twitter.

Back to Blog
About Julie Kuhrt
Julie Kuhrt is a former community content manager at Cobalt. With nearly a decade of experience across community and marketing teams, Julie brought a wealth of expertise and experience to her programs at Cobalt. More By Julie Kuhrt