The Secuna Leaderboard is updated real time. Ranks on the leaderboard is based on the quality of their submissions.

At Secuna, all bugs are assigned a severity level based on the security impact. In order to help you decide which security vulnerabilities should be fixed first, Secuna has the following types of severities:

Critical Severity = +16 points
A vulnerability whose exploitation could allow remote code execution without user interaction. Exploitation likely results in root-level compromise of servers or infrastructure devices.

High Severity = +6 points
A vulnerability whose exploitation could allow access of user’s information without authorization. Exploitation could result in elevated privileges, significant data loss, and/or downtime.

Medium Severity =  +4 points
A vulnerability requiring user privileges to be exploited successfully. Using social engineering tactics, exploitation would involve the attacker to manipulate individual victims, live on the same local network as the victim, or set up denial of service assaults. Often only very restricted access is available.

Low Severity = +2 points
Low-range vulnerabilities typically have very little effect on an organization’s business.

None = 0 point
No action or fix is required.

You can also lose points based on the status of your reports and if you spam.

Not Applicable = -4 points
If you reported a false security vulnerability.

Spam = -8 points 
If you reported a non-sense security vulnerability