Recognizing Security Researchers in 2020

Is it too early to talk about the 2020 MSRC Most Valuable Security Researchers? Five months from now, at the end of June, the program period closes for researchers to be considered for inclusion in the Most Valuable Researchers list. The top researcher list will be revealed at Black Hat North America in August.

For now, we want to explain who will get recognized as a MSRC Most Valuable Security Researcher for 2020, introduce the new MSRC Contributor tier in our researcher recognition program, and share some tips that can help you get into our top researcher tiers.

Read on to learn more about the criteria for our 2020 MSRC Most Valuable Security Researchers and MSRC Contributors.

2020 Most Valuable Security Researcher

How do I get in?

Similar to last year, we take report volume, accuracy and impact into consideration. Here are the two paths to get into this top tier for reporting over the program period:

  • Path One: Contribution-based (recognizes a larger body of work)
    • Volume: you reported at least five valid vulnerabilities during the evaluation period
    • Accuracy: at least 50% of your reports are valid (your accuracy score)
    • Impact: the average points of your valid vulnerability reports put you at or above the 50th percentile for report impact
  • Path Two: Impact-based (recognizes a smaller body of higher-impact work)
    • Volume: You reported at least three valid vulnerabilities during the evaluation period
    • Accuracy: at least 50% of your reports are valid (your accuracy score)
    • Impact: the average points of your valid vulnerability reports put you at or above the 90th percentile for report impact

What do I get?

If you are identified as a 2020 MSRC Most Valuable Security Researcher, you’re eligible for benefits, including but not limited to:

  • Annual recognition on the MSRC’s Most Valuable Security Researcher list
  • Special SWAG box for Most Valuable Researchers
  • Access to Microsoft products and services for research purposes
  • Access to invitation-only MSRC events
  • Invitation to private MSRC programs

How about the ranking?

Either the contribution-based or impact-based model can get you into the top tier. Once you’re in, your rank within that tier will depend on the total number of points you’ve received.

2020 MSRC Contributor

How do I get in?

MSRC Contributor is the next tier in our researcher recognition program. The criteria for getting into this tier are:

  • Volume: you reported at least three valid vulnerabilities during the evaluation period
  • Accuracy: at least 50% of your reports are valid (your accuracy score)
  • Impact: the average points of your valid vulnerability reports put you at or above the 50th percentile for report impact

What do I get?

If you are identified as a 2020 MSRC Contributor, you’re eligible for, including but not limited to:

  • Special SWAG box for MSRC Contributors
  • Access to invitation-only MSRC events

When do I need to report by to be considered?

The program period for the 2020 Most Valuable Security Researcher and MSRC Contributor includes cases that fall into either of these categories: 

  • Reported and assessed by the MSRC team between July 1, 2019 and June 30, 2020
  • Submitted between July 1, 2018 and June 30, 2019 (last program period), but assessed after July 1, 2019

What’s next?

We are five months away until the end of the program period. Here are some tips to help you get into the top tier:

Ready to submit your next vulnerability report? Submit it today via our researcher portal aka.ms/secure-at.

Sylvie Liu, Security Program Manager, Microsoft Security Response Center

Share