A quick update on our ranking point system

July 24, 2019

We have recently been questioned on how our ranking point system works and how report quality is evaluated.

Our system has evolved quite a lot since inception, and some new report quality rating features have been added.
Updated in Feb. 2021


The first step of a bug report life cycle is being ( hopefully ) accepted as valid by the program owner, otherwise it is classified as invalid and receives an additional qualification that eventually can lead to a negative rating, as illustrated below:

How the YesWeHack ranking works

Note that a valid report can be triaged again as ” Informative ” or ” Won’t Fix ” after validation and before being accepted.

Accepted stage

Now that your shiny report has been accepted by the program owner, congratulations, you are now eligible for a reward.
But how are your ranking points calculated exactly?

a – Bounty

Depending on the bounty your report matches regarding the reward grid, you will be rewarded with ranking points :From 5 to 50 points
More informations here : FEBRUARY 2021 CHANGELOG

b – Quality rating

The program owner can also reward the quality of your report and attribute 1 to 5 additional ranking points.

c – CVSS scoring bonus

Again, the program owner can give you 1 additional point if your report CVSS scoring falls right.

As summed-up in this chart:

You get 7 additional points for a resolved bug, a big thank you.

The big picture.

Finally we’ve stitched it all inside a single graph for your convenience.

Is our ranking system clearer?

You can refer to our leader-board to discover the hunters top 100: YESWEHACK IVY LEAGUE