Bugcrowd’s Incentive Programs are used to recognize and reward the Researcher community for platform and submission successes. These merit-based programs are designed to challenge you to achieve new levels of success; highlighting and celebrating your achievements throughout the year.
Incentive programs are evaluated on a quarterly basis that run slightly different than a standard calendar year:
| Quarter | Months |
|---|---|
| Quarter 1 | February - April |
| Quarter 2 | May - July |
| Quarter 3 | August - October |
| Quarter 4 | November - January |
How and when we determine Incentive winners
Two weeks after the close of each Quarter, we review all researcher reports that were submitted during that Quarter. All researchers who qualify for the an Incentive Program will be contacted with status and next steps about a week after we review the data. A winners blog will then be posted a week after that, with a list of researcher handles that have a public profile.
Shorthand!
- Bugcrowd reviews data 2-weeks after the close of the quarter
- Bugcrowd contacts winning researchers 3-weeks after the close of the quarter
- Bugcrowd will announce winners 4-weeks after the close of the quarter
MVP Program
Launched in 2019, this program is run on a 12-month basis, from February through January. At the end of each quarter, the Top 50 Hackers will be selected based on how much money they were awarded during that period.
Two weeks after the close of a quarter, winners will receive direct communications from our Hacker Success Team celebrating their achievements with a unique swag redemption code. Once all the winners have been contacted, we will post an MVP Winner’s blog with a list of users with a public profile.
To qualify for the MVP Program a researcher must meet the following criteria:
- Accuracy Rate of 90% or better for the quarter
- Must have been rewarded for at least 1 submission on Bug Bounty, Pen Test, ASM, Bug Bashes, and/or VDP
- Have a user account in good standing at time of evaluation
- Have no significant Platform Infractions during previous 6 months
- Account is not currently banned or deactivated from the platform
We are super excited for this year and seeing all the amazing work you will do, and we cannot wait to celebrate it! If you have questions, submit a support ticket through the Bugcrowd Support Portal.
P1 Warriors Program
Are you particularly skilled at exploiting Server-Side Injection or Security Misconfigurations? If so, this program is going to fit your hunting skills! This incentive program, launched in January of 2019, rewards researchers based on the total number of valid P1 submissions that they have found. The P1 Warriors program consists of stacking badges on Researcher profiles, quarterly blog callouts, and swag.
To qualify for the P1 Warrior Program a researcher must meet the following criteria:
To qualify for the P1 Warrior program, researchers need to submit valid P1 vulnerabilities. As you increase your count of valid P1 submissions you qualify for a progressive tier of awards. For a current list of tiers and awards check out the list below!
Valid P1s are accepted submissions marked as either Unresolved, Resolved, or Won’t Fix. This program started on January 1, 2019, and runs continuously. Researchers have the ability to reach new levels without the counter resetting at any point. This program is not retroactive to submissions prior to January 1, 2019.
