Skip to main content

Understand your ranking: Leaderboard, reputation and streaks

The way we calculate your ranking and quality metrics

Yannick avatar
Written by Yannick
Updated today

This article explains how Intigriti calculates researcher rankings using reputation points and streaks. Understanding these metrics helps you track your performance, improve your standing, and increase your visibility for private program invitations.

With the release on May 7, 2025, the validity ratio will more accurately reflect impactful contributions by treating 'Informative' submissions as neutral

Key Takeaways:

  • Reputation points are earned for accepted submissions and duplicates of accepted submissions, based on severity. .

  • Your streak shows the highest severity of accepted or duplicate submissions in the last 90 days.

  • Leaderboard ranking is primarily based on reputation points, with streak used as a tie-breaker.

Who this article is for:

  • All researchers participating on the Intigriti platform.

How reputation points are earned

Reputation points signify your experience and track record on the platform. We award points for accepted vulnerabilities, meaning your score only increases with successful contributions.

When you earn points

  • Your submission identifying a vulnerability is Accepted.

  • Your submission is marked as a Duplicate of an accepted submission.

Points awarded by severity:
​
The number of points depends on the severity of the accepted submission:

  • None: 0 points (Submissions closed as Informative, Accepted Risk, Not Applicable, Spam, Out of Scope, or Duplicates of non-Accepted submissions receive 0 points)

  • Low: 5 points

  • Medium: 20 points

  • High: 25 points

  • Critical: 40 points

  • Exceptional: 50 points

  • Duplicate (of an accepted submission): 1/5th (20%) of the points awarded for the original accepted submission.

How reputation is displayed

  • All-Time Reputation: Your total points earned since joining Intigriti.

  • 90-Day Reputation: Points earned from acceptances within the last 90 days, highlighting recent activity.

How your validity ratio is calculated

Your validity ratio indicates the quality of your submissions by measuring the proportion of impactful reports relative to your total relevant submissions.

Please be aware: For all submissions made on or after the platform update of May 7, 2025, 'Informative' submissions will be considered neutral. Consequently, they will be excluded from this calculation to ensure a fairer assessment.

The ratio compares submissions that positively impact your score against those that negatively impact it.

Submissions counting POSITIVELY:

  • Accepted submissions.

  • Submissions rejected as Accepted Risk.

  • Submissions rejected as a Duplicate

Submissions counting NEGATIVELY:

  • Submissions rejected as Spam.

  • Submissions rejected as Not Applicable.

  • Submissions rejected as Out of Scope.

  • Submissions rejected as a Duplicate

Submissions EXCLUDED (Neutral):

  • Submissions rejected as Informative.

Understanding your Streak

The streak metric highlights your recent high-impact findings. It shows the highest severity level among all submissions you have made in the last 90 days, provided those submissions were either:

  • Accepted by the company.

  • Rejected as a Duplicate (the parent submission's status doesn't affect the streak calculation itself).

Possible streak values are: Low, Medium, High, Critical, or Exceptional.

How leaderboard ranking works

Intigriti hosts various leaderboards, including All-Time, Last 90 Days, Quarterly, Monthly, and Program-Specific lists.

Your rank on any leaderboard is determined primarily by the relevant reputation points (e.g., 90-day points for the 90-day leaderboard). If two researchers have the same number of points, the streak metric serves as the tie-breaker, with the higher severity streak ranking higher.

Best Practices

Do:

  • Focus on finding unique, impactful, and in-scope vulnerabilities.

  • Thoroughly read and understand the program scope before testing.

  • Check for potential duplicates before submitting.

  • Write clear and detailed reports.

Don't:

  • Submit out-of-scope findings, spam, or poorly documented reports.

  • Focus solely on submission quantity without considering quality or impact.

  • Rely on 'Informative' submissions to influence your validity ratio (as they are now excluded).

Common Pitfalls:

  • Misinterpreting program scope details.

  • Submitting findings that have already been reported.

Expert Tips:

  • Choose programs that align with your technical skills and interests.

  • Build a strong track record of high-impact findings over time.

Related Resources

Did this answer your question?