Recognition for non-monetary contributions
Currently, Huntr implements what I'd call a 'bounty-allowance' (officially 'prize pots' IIRC) that stops paying for vulnerabilities after a certain amount of money has been paid out for a given repository until the next month.
While a good idea, this inadvertently promotes 'vulnerability hoarding' where researchers discover bugs, wait until the repository is eligible for pay-outs again, and then report them instead of reporting them as soon as they are discovered.
I'd suggest providing something similar to HackerOne's 'Good Samaritan' badge to researchers that report a threshold of non-monetarily-eligible vulnerabilities so that researchers have a reason not to wait before disclosing, thus saving Huntr money (as they wouldn't need to pay out as much).
That will be a nice move 😄🙌
@michaellrowley - thank you for the suggestion and apologies for the delay in response 👏
We have discussed various means of awarding badges, and will be iterating on our leaderboard, XP and award mechanisms shortly!
I will keep you updated on the status of these works ❤️