We have recently been questioned on how our ranking point system works and how report quality is evaluated.
Our system has evolved quite a lot since inception, and some new report quality rating features have been added.
Updated in Feb. 2021
Triaging
The first step of a bug report’s life cycle is (hopefully) being accepted as valid by the program owner; otherwise it is classified as invalid and receives an additional qualification that can eventually lead to a negative rating, as illustrated below:
How the YesWeHack ranking works
Note that a valid report can be triaged again as “Informative” or “Won’t Fix” after validation and before being accepted.
Accepted stage
Now that your shiny report has been accepted by the program owner, congratulations, you are now eligible for a reward.
But how are your ranking points calculated exactly?
a – Bounty
Depending on which bounty in the reward grid your report matches, you will be rewarded with ranking points: from 5 to 50 points.
More information here: FEBRUARY 2021 CHANGELOG
b – Quality rating
The program owner can also reward the quality of your report and attribute 1 to 5 additional ranking points.
c – CVSS scoring bonus
Again, the program owner can give you 1 additional point if your report’s CVSS scoring is accurate.
As summed up in this chart:
You get 7 additional points for a resolved bug, a big thank you.
The big picture.
Finally, we’ve stitched it all together in a single graph for your convenience.
Is our ranking system clearer?
You can refer to our leaderboard to discover the top 100 hunters: YESWEHACK IVY LEAGUE