We know that security researchers have many options when it comes to participating in bug bounty programs, which is why we are so proud to have some of the best researchers in the world participating in bounty programs on the Bugcrowd platform. Throughout the year, we show our appreciation in many ways–from monthly performance bonuses, private parties and events, SWAG, and more.
Today we are excited to publicly announce a new annual reward program for Bugcrowd community members that consistently submit the highest impact vulnerabilities to Bugcrowd bounty programs.
What is the reward?
We have designated a $50,000 reward pool which will be distributed amongst qualifying researchers based on their bounty rewards from July 1, 2015, and June 30, 2016.
For example, if the rewards paid to all qualifying researchers total $1,000,000 in 2016, the reward pool "shares" will be allocated as follows, with researchers earning a percentage of their total rewards as a bonus.
... earn $100,000, receive a $5,000 bonus
... earn $60,000 receive a $3,000 bonus
... earn $10,000 receive a $500 bonus
How do researchers qualify?
Between the dates of July 1, 2015, and June 30, 2016, all researchers whose non-duplicate submissions met the following criteria qualified for this bonus program. A total of 90 researchers qualified in 2016.
- Average acceptance rate of 80% or higher AND
- Average submission priority 1.0-2.99 AND
- Minimum of 5 qualifying submissions
Who currently qualifies?
In 2016 we have 90 researchers who qualify for this reward program.
(Design for our 2016 DEFCON t-shirt for VIP researchers)
We’re excited to both reward our top crowd members as well as give new researchers an opportunity to get an extra bit of cash for their work. We are now in the active qualifying window for our 2017 Cash Back Reward Program! If you have any questions about how to get involved and qualify for this reward program, feel free to reach out to firstname.lastname@example.org.