A hacker's reputation measures how likely their finding is to be immediately relevant and actionable. Signal is the average reputation hackers receive per report. The higher a hacker's signal is, the more reputable their report will be.
Signal Requirements enable a program to set a Signal threshold that hackers must reach in order to submit reports to the program. If a hacker falls below the threshold, they will have a restricted number of reports they can submit to your program. This will improve the quality of reports programs can expect to receive from hackers.
To enable Signal Requirements:
- Go to Settings > Program > Submission.
- Choose from 1 of these 4 options in the Signal Requirements section:
|Strict (≥ 1.0 Signal)||Hackers with a proven record are unrestricted, while hackers who don't meet this requirement will have a limited number of allowed submissions to your program. A strict setting makes sense for teams that prefer fewer, higher quality reports or that can only handle a smaller flow of reports as it most tightly limits hacker participation based on high Signal. This is the recommended setting for new programs.|
|Standard (≥ 0.0 Signal)||The recommended setting for most programs.|
|Lenient (≥ -1.0 Signal)||Recommended for experienced programs that want to maximize the number of hackers that'll help find vulnerabilities.|
|Turn off Signal Requirements||Any hacker with any level of Signal will be able to submit reports to your program. Recommended for veteran programs only.|
Note: Turning Signal Requirements down or off is better for teams that value having the maximum number of hackers to help find issues.
When hackers don't meet the Signal Requirement:
- They can submit a capped number of important vulnerability reports.
- The number of reports they can submit will be capped based on their Signal.
- The number of capped reports they can submit resets every 30 days.
There is a program limit for capped reports and a total platform limit for reports sent to programs by these hackers. This provides all hackers with the opportunity to participate in a program, even if their Signal doesn't meet the program requirements.