Safehats provides various scoring methodologies that security researchers earn either through submitting bug report or by winning bounty amount. Karma score is the aggregate score that signifies the reputation of security researchers. Along Karma score, we also introduce Rank, Acceptance rate and Average bug severity. Invitation to private programs will be based on these scores.
How Scoring works?
100 karma score is assigned to the hacker once he/she signs up in the platform
Karma score is also allocated when the report is evaluated as follows:
Duplicate of Resolved bug= +3
Not Acceptable(N/A)= -5
Duplicate of N/A= -5
If program is giving bounty and researchers get Bounty amount,
For Min Bounty =+10
2x of Min Bounty =+15
4x of Min Bounty= +20
Let say a program have minimum bounty 50$, total karma score is 20= 10 (for bug resolved)+10 (for min bounty) and If a researcher got rewarded 100$, so total Karma score he will earn is 25 : +10(for bug resolved )+15 (for 2X bounty). If he receives 200$ he will earn 30 Karma score : +10(for bug resolved ) +20 (for 4x bounty).
- Rank :
Rank of the Hacker is calculated on decreasing order of Karma score
2. Acceptance Rate:
Acceptance rate is calculated based on number of valid bug reports submitted (which includes resolved, duplicate of resolved bugs) divided by total number of bug reports submitted.
For calculation see below:
Number of valid bug reports submitted =13 ; Total number of bug reports submitted =19
Acceptance rate =13/19 =68.42%
3. Average Bug Severity:
With total number of resolved bug reports submitted with varying bug severity ranging from 1( Critical) to 5 (Low), Average bug severity is total sum of all bug severity divided by total resolved bug reports submitted.
Hackers will always have access to their Karma Score log file. We aim to provide an engaging platform for our Hacker community. If you have suggestions for improvement, please email us to firstname.lastname@example.org