NEW FEATURE
Cobalt PtaaS + DAST combines manual pentests and automated scanning for comprehensive applications security.
NEW FEATURE
Cobalt PtaaS + DAST combines manual pentests and automated scanning for comprehensive applications security.

Introducing the Hall of Fame

Today, we’re excited to launch the Cobalt Hall of Fame, a place where we recognize the best security researchers on our platform. While many researchers have received monetary rewards and thank you messages from businesses across the world, we want to highlight the great efforts our security researchers have taken to make the web a safer place.

Cash Rewards + Hall of Fame

The “Hall of Fame” is a widely recognized way to highlight the contributions and efforts of testers in the bug bounty community. In some cases, businesses do not offer cash rewards, rather they only mention security testers in their respective Hall of Fame. At Cobalt, we believe that quality reward programs need both cash rewards and a hall of fame mention. The cash reward gives a tester motivation to take time to look deep into the application, while a hall of fame adds a competition element as well as the personal recognition that skilled testers deserve.

Cobalt Researcher Rankings

On the Cobalt platform, all vulnerability report feedback is given directly to researchers by the businesses hosting bug bounty programs. Business feedback plays an important role in determining a security researcher’s overall Rep score. Below are the current scores given based on vulnerability.

In addition to scoring vulnerability feedback, the businesses also give feedback on the quality of vulnerability reports (on a 1 to 5 scale). Overall, a high report quality can increase a tester’s Rep score up to 50%.

Duplicates, Rejections, and Out of Scope

Duplicate vulnerabilities are a regular discussion topic in the security research community. Here is how we handle common vulnerabilities in the Cobalt Hall of Fame:

  • Duplicate vulnerabilities are given a positive score to recognize the value of their work despite the issue being found by another tester.

  • Rejected vulnerabilities are given a neutral score.

  • Vulnerabilities assessed as “Out of Scope” negatively impact a tester’s score. Because these various vulnerability ratings can potentially negatively impact scores, it is important that testers understand the detail and scope of the bounty programs in which they participate.

Congratulations to the testers who are currently listed on the Hall of Fame — we look forward to seeing who will join these researchers in the future. Best of luck!

Back to Blog
About Julie Kuhrt
Julie Kuhrt is a former community content manager at Cobalt. With nearly a decade of experience across community and marketing teams, Julie brought a wealth of expertise and experience to her programs at Cobalt. More By Julie Kuhrt