Who’s going to be on the Most Valuable Security Researcher list at Black Hat USA 2019? We’re not announcing the names—yet—but this is how we’ll determine who’s there.
How do we define the Most Valuable Security Researchers?
The list at Black Hat will be the top tier of researchers based on not just the volume of the reports, but also the impact and accuracy of their reports. There are two paths to get into this top tier for reporting over the program period:
Path One: Contribution-based (recognizes a larger body of work)
At least 50% of your reports are valid
The average points of your valid vulnerability reports put you at or above the 50th percentile for report impact
You reported at least 5 valid vulnerabilities during the evaluation period
Path Two: Impact-based (recognizes a smaller body of higher-impact work)
At least 60% of your reports are valid
The average points of your valid vulnerability reports put you at or above the 90th percentile for report impact
You reported at least 3 valid vulnerabilities during the evaluation period
Either the contribution-based or impact-based model can get you into the top tier. Once you’re in, your rank within that tier will depend on the total number of points you’ve received.
What’s in Scope?
We calculated the points for the cases that are:
- Reported between July 1, 2018~~ ~~and June 30, 2019, and assessed by the MSRC team before July 15, 2019.
- Because the 2018 Top 100 was calculated based on fixed cases rather than all reports, for 2019 we also included cases reported between July 1, 2017 and June 30, 2018 but fixed or closed after July 1, 2018.
Cases fixed between July 1, 2017 and June 30, 2018 were already included in last year’s Top 100 researcher list.
Want to learn more? Check out our program page showing you where you can earn multipliers to improve your standings!
We are excited to announce the names of our Most Valuable Researchers soon and hope to see you in Las Vegas!
Sylvie Liu, Security Program Manager, MSRC Community Programs