Coming Soon: Vulnerability Disclosure Program
Almost launching, just finalizing the last few details...
About the Program
At Gametize, we champion continuous improvement of our product, and that is where our Vulnerability Disclosure Program comes in. With your help, we ensure the Gametize Platform is always up to the latest standards in security and user experience.
This program is perfect for anyone who has an interest in cybersecurity and wishes to make the web a safer place, or for anyone who wants to make Gametize a better platform with fewer bugs.
Refer to the information below to see if this is something you’d want to contribute to. Meanwhile, please do not send us any reports until this program officially launches as they may not be considered.
Your Participation in the Vulnerability Disclosure Program
Please include the details requested below when submitting a vulnerability report to Gametize. All reports should be submitted in English.
- Demonstrate a working proof of concept of the vulnerability with reproducible steps
- Clearly explain the security implications (i.e. how will the attacker benefit and the consequences of such an attack on our users)
- Submit only one vulnerability per report, unless the vulnerabilities are related (Note that multiple vulnerability reports related to a single underlying issue will be treated as one report)
Terms & Conditions
Gametize reserves the right to modify these terms and conditions at any time.
Eligibility Requirements
- You must be 18 years old and above
- You must be the first reporter of the vulnerability
- You must not be located in, or be a citizen of, any country listed in UN sanctions: https://www.un.org/securitycouncil/sanctions/information
Follow the Rules
- Do not steal, violate or compromise the data and privacy of users
- Do not violate Gametize’s terms and conditions and privacy policy
- Do not violate any applicable laws or regulations
- Do not violate any terms in Amazon Web Services’ pen-test policy
- Do not disclose, retain, duplicate, or otherwise communicate to any third parties any Personally Identifying Information (PII) encountered while conducting your tests
- Do not publicly disclose vulnerabilities without our explicit permission
- Do not engage in destructive automated testing
- Do not incur any loss of funds that are not your own
- Do not mass-create accounts to engage in testing
- Do not conduct tests on accounts that do not belong to you, unless you have the written permission of the owner of those account(s)
- Do not attempt to extort us – please research and disclose vulnerabilities to us in good faith
Reward Terms
- You are responsible for any applicable taxes related to the rewards awarded by this program
- It is entirely up to Gametize’s discretion whether to reward participants, and to determine the type and amount of rewards
Ineligible Vulnerabilities
Vulnerability reports that involve the following are not eligible for the Vulnerability Disclosure Program.
- Attacks requiring physical access to a user’s device
- Spam or social engineering techniques
- Content spoofing and text injection issues without showing an attack vector/without being able to modify HTML/CSS
- Denial-of-service attacks (network and application layers)
- Disclosure of server or software version numbers
- Missing best practices in Content Security Policy
- Missing best practices in SSL/TLS configuration
- Missing email best practices (invalid, incomplete or missing SPF/DKIM/DMARC records, etc.)
- Missing HttpOnly or Secure flags on cookies
- Forms missing CSRF tokens
- Self-XSS
- Open redirects
- Reports exploiting the behavior of, or vulnerabilities in, outdated browsers and platforms (e.g. tabnabbing)
- User/content enumeration
- Issues relating to unlocking client-side features in modified Gametize applications, rooted devices, or jailbroken devices
- Issues related to software or protocols not under Gametize control
- Issues related to the intentional design of Gametize features and their functionality
- Issues without clearly identified security impact
- Publicly announced zero-day vulnerabilities that have had an official patch for less than 1 month are generally inadmissible but will be assessed on a case-by-case basis
What's in it for you?
Earn points to redeem stuff
Redeem rewards such as Gametize t-shirts, gift credits and free subscriptions to the Gametize Platform.
We are still thinking of more cool rewards to offer, so watch this space!
Gametize Vulnerability Disclosure Program Certificate
Add our certification to your portfolio to upgrade your credentials.
Be part of our community
Do you want to receive updates on the Vulnerability Disclosure Program?
Fill in the form below and a friendly Gametize representative will be in touch. Cheers!