redragonvn
commented
3 years ago A Hacker profile starts with a reputation of 0. Reports gain or lose reputation based on the state in which they are closed.
Base on report states
| Points | States |
|---|---|
| +7 | Triaged or Resolved |
| +2 | Duplicate of a resolved report submitted prior to the report being made public |
| -5 | Duplicate of a resolved report submitted after the report is made public |
| -2 | Not Applicable |
| -10 | Spam |
Base on bounty amounts
| Points | Bounty amount |
|---|---|
| +50 | BOUNTY_SEVERE - Bounty Amount ≥ mean + 1 standard deviation |
| +25 | BOUNTY_HIGH - Bounty Amount > mean |
| +15 | BOUNTY_MEDIUM - Bounty Amount ≥ mean - 1 standard deviation |
| +10 | BOUNTY_LOW - Bounty Amount < mean - 1 standard deviation |
User with reputation <= -20 will not be allowed to post a new report.
Discussion: should BugRank calculate reputation and signal/impact points similar to HackerOne?
Ref: