We’re constantly trying to bring more Bug Bounty Programs public, so that there are more Programs available for the hacker community to participate in. When we introduced Signal Requirements, more than 75% of bug bounty programs on HackerOne were private; the main reason these programs stayed private was the concern over the volume of invalid reports they would encounter. With some platform research on our end, we realized that over half of the noise comes from only 10% of hackers!
Signal Requirements allows programs to specify if they require a minimum Signal of hackers who can submit reports to them. If your Signal is above their requirement, then you won’t even notice this feature. If you don’t meet the required Signal, you will be given trial reports that you can submit within a rolling window, so you can still participate in their programs.
The amount of trial reports available is determined by the rate limiter. The significantly evolved rate limiter gives you more trial reports the better your performance is by taking many different factors into account, with the dominant input being your Signal. We want hackers who are restricted to have a clear way to rise above those limitations; thus the new rate limiter is designed to detect changes in behaviour as quickly as possible, and to reward those putting in extra effort with swiftly increasing allowances.