Earn points (score) by submitting security reports to OutSystems

When we publish a component, we earn points on our profile; when we answer a question on the forum, we earn points on our profile; when we watch training, we earn points on our profile.

But when we send a security report through the OutSystems page, we do not earn points on our profile.

Just like answering a question on the forum, or publishing a component, people who analyze and send security reports to OutSystems are also contributing to a safer product.

Analyzing, detailing, writing and sending a security report to OutSystems, in my opinion, should be scored, as the professional has an account in the community and is helping to keep the product or website safer.

Hi Lucas,

Interesting and good idea, I gave it a like.

There are actually already more detailed community interactions for which you either gain or lose community points. You can see them at the bottom of this page: https://www.outsystems.com/community/leaderboard/

Given the effort it takes to find, test and report a security vulnerability, what number of points would you see fit as a reward, compared to the list of actions that currently get points?

Regards,

Daniel

Hi Daniel, I hope you are well.

Reporting a vulnerability or possible vulnerability is a huge effort. I say this because OutSystems itself already has a security team, alongside the HackerOne team, that provides an extremely secure product; that being said, it is very difficult to exploit security breaches because the product is already extremely safe.

This effort begins with several manual tests, as automatic software is easily detected by any firewall, so as these are more manual processes, it takes a while to find something that is really worth exploring.

After exploring and confirming a security breach, we need to write in detail and collect evidence, to put the information in detail in the report that will be sent.

Okay, now with this information I believe I can talk a little about what would be an interesting score for this topic; I believe somewhere between 5 and 8.

Perhaps:

  • +1 for submitting the report
  • -1 for untrue reports
  • +8 for true reports analyzed by the security team

I confess that I'm not very good at scoring mechanisms, but it's a more selective type of score or badge.

Regards,

Lucas Soares