Researcher Documentation

Welcome to the researcherdocs developer hub. You'll find comprehensive guides and documentation to help you start working with researcherdocs as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started

Getting Rewarded

Cash and points are the ultimate rewards for a job well done. So, how are they earned?

Earning Cash Rewards

If a program offers cash rewards, it means that they are willing to pay you for a valid bug. A valid bug is a security vulnerability that is in scope per the bounty brief and can be reproduced by the triaging Application Security Engineer (ASE) or Program Owner.

To qualify for a cash reward, you must be the first Researcher to report the vulnerability, which means that it cannot be a duplicate of a report someone else has already reported or a known issue which has been imported by the Progam Owner.

You'll know your submission has been accepted as valid when its status changes from "Triaged" to "Unresolved." When this happens, a Program Owner will reward your submission. You'll get an e-mail notification that your submission has been accepted and you've been rewarded for your efforts.

The Program Owner sets the reward amounts with Bugcrowd's input and is typically based on the current market rate for priority assigned to the vulnerability as well as consideration of impact to the individual business. This rate varies, but generally, vulnerabilities with a higher priority rating are rewarded more.

Rewards vary by program.

If you have questions about rewards, please reach out to support@bugcrowd.com.

Earning Kudos Points for Valid Bugs

You are rewarded points for each validly accepted report made. You must be the first person to report the bug to earn all possible points.

Each bug is rated on a priority scale of P1 - P5 according to Bugcrowd’s VRT, with points rewarded accordingly:

Priority
Level
Points Earned

P1

Critical

40 points

P2

High

20 points

P3

Moderate

10 points

P4

Low

5 points

P5

Non-exploitable weaknesses

0 points

Earning Points for Duplicate Bugs

Points are also rewarded to duplicate bugs based on vulnerability severity. Points are rewarded to a duplicated submission when the original bug is accepted by the program owner.

Priority
Level
Points Earned

P1

Critical

10 points

P2

High

5 points

P3

Moderate

2 points

P4

Low

1 points

P5

Non-exploitable weaknesses

0 points

If you have questions about points, please reach out to support@bugcrowd.com.

More Info

For more detailed information on the prioritization of a vulnerability, refer to the Bugcrowd VRT.

Getting Rewarded


Cash and points are the ultimate rewards for a job well done. So, how are they earned?

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.