One of the primary challenges when running a vulnerability coordination program is distinguishing signal from noise. Our former colleagues at Facebook evaluate over 20 invalid submissions for each valid report - that's only 4.6% signal! The programs hosted at HackerOne have fared a bit better: on average 19% of reports are valid, but some outliers deal with as low as 6%. This noise is undesirable for everyone, driving up response time, introducing unnecessary latency in resolving security issues, and increasing the likelihood that valuable signal will get lost.
more here..........https://hackerone.com/news/introducing-reputation
more here..........https://hackerone.com/news/introducing-reputation