Every verified contribution builds your reputation on the platform. The points and reputation system is designed to reward high-quality, accurate threat reports — not volume — so the community can identify trusted contributors and surface the most reliable intelligence. Your reputation is visible to the community and plays a direct role in your eligibility for advanced roles.

How points are earned

You earn points when a report you submit is verified by the OSM review team. The number of points awarded depends on two factors:
  • Threat severity: Higher-severity threats (for example, active supply-chain attacks or credential stealers) earn more points than low-severity findings.
  • Report quality: Clear evidence, accurate metadata, and well-documented analysis all contribute to a higher quality score, which increases your point award.
You can also earn points (at a lower value) by updating threat records with valuable intel, such as IOCs or threat actor attribution.
To be eligible for the Leaderboard, you must make your profile public, though you’re not required to use your real identity. If you decide to make your profile public, other contributors and organizations can view your contribution history as well as your reputation score and points total.

How false positives affect your profile

If a report you submitted is reviewed and determined to be a false positive — a legitimate package or resource incorrectly flagged as malicious — it is marked as such on your profile. False positives:
  • Remain visible on your public contribution history.
  • Do not earn points.
  • May affect your eligibility for reviewer roles if they appear frequently relative to your verified reports.
Deliberately submitting false reports violates the community guidelines and can result in suspension or a permanent ban. See the community guidelines for details.

Modified reports

If a reviewer corrects or updates your submission before it is verified — for example, adjusting the severity classification or adding missing metadata — your report is marked as modified. Modified reports still earn points. The correction is an opportunity to learn what high-quality submissions look like.
Review the feedback on any modified report to improve the accuracy and completeness of future submissions.

Leaderboard recognition

The Security Researcher Leaderboard publicly recognizes the top contributors by total verified points over rolling time periods. Appearing on the leaderboard is a mark of consistent, high-quality contributions to the community’s threat intelligence.

The reviewer path

Experienced contributors with a strong track record of accurate, well-documented reports may be invited to join the review team. Reviewers evaluate incoming threat submissions and help verify reports from other community members.
Reviewer invitations are extended based on your contribution history and reputation score. There is no formal application process. Focus on submitting high-quality reports consistently, and we’ll take notice!