Coming Soon: Vulnerability Disclosure Program
Launching in Q1 2023
At Gametize we champion continuous improvement of our product, that is where our Vulnerability Disclosure Program comes in. With help from you, we ensure the Gametize Platform is always up to the latest standards in security and user experience.
This program is perfect for anyone who has an interest in cybersecurity and wishes to make the web a safer place, or for anyone that has an interest to make Gametize a better platform with less bugs.
The Vulnerability Disclosure Program will be launching in Q1 2023, so watch this space.
Refer to the information below to see if this is something you’d want to contribute to. Meanwhile, please do not send us any reports until this program officially launches as they may not be considered.
Your Vulnerability Disclosure Program Participation
Please include the details requested below when submitting a vulnerability report to Gametize. All reports should be submitted in English.
- Demonstrate working proof-of concept of the vulnerability with reproducible steps
- Clearly explain the security implications (i.e. how will the attacker benefit and the consequences of such an attack on our users)
- Submit only one vulnerability per report, unless the vulnerabilities are related (Note that multiple vulnerability reports related to a single underlying issue will be treated as one report)
Terms & Conditions
Gametize reserves the right to modify these terms and conditions at any time.
- You must be 18 years old and above
- You must be the first reporter of the vulnerability
- You must not be located in or is a citizen of any countries listed in UN sanctions: https://www.un.org/securitycouncil/sanctions/information
Follow the Rules
- Do not steal, violate or compromise the data and privacy of users
- Do not violate any applicable laws or regulations
- Do not violate any terms in Amazon Web Service’s pen-test policy
- Do not disclose, retain, duplicate, or otherwise communicate to any third parties any Personally Identifying Information (PII) encountered while conducting your tests
- Do not publicly disclose vulnerabilities without our explicit permission
- Do not engage in destructive automated testing
- Do not incur any loss of funds that are not your own
- Do not mass-create accounts to engage in testing
- Do not conduct tests on accounts that do not belong to you, unless you have the written permission of the owner of those account(s)
- Do not attempt to extort us – please research and disclose vulnerabilities to us in good faith
- You are responsible for any applicable taxes related to the rewards awarded by this programme
- It is entirely up to Gametize’s discretion whether to reward participants, and to determine the type and amount of rewards
Vulnerability reports that involve the following are not eligible for the Vulnerability Disclosure Program.
- Attacks requiring physical access to a user’s device
- Spam or social engineering techniques
- Content spoofing and text injection issues without showing an attack vector/without being able to modify HTML/CSS
- Denial-of-service attacks (Network and application layers)
- Disclosure of server or software version numbers
- Missing best practices in Content Security Policy
- Missing best practices in SSL/TLS configuration
- Missing email best practices (invalid, incomplete or missing SPF/DKIM/DMARC records, etc.)
- Missing HttpOnly or Secure flags on cookies
- Forms missing CSRF tokens
- Open redirects
- Reports exploiting the behavior of, or vulnerabilities in, outdated browsers and platforms (e.g. tabnabbing)
- User/content enumeration
- Issues relating to unlocking client-side features in modified Gametize applications, rooted devices, or jailbroken devices
- Issues related to software or protocols not under Gametize control
- Issues related to intentional design of Gametize features and its functionality
- Issues without clearly identified security impact
- Publicly announced zero-day vulnerabilities that have an official patch for less than 1 month are generally inadmissible but will be assessed on a case by case basis
What's in it for you?
Earn points to redeem stuff
Redeem rewards such as Gametize t-shirts, gift credits and free subscriptions to the Gametize Platform.
We are still thinking of more cool rewards to offer, so watch this space!
Gametize Vulnerability Disclosure Program Certificate
Add our certification to your portfolio to upgrade your credentials.
Be part of our community
Do you want to receive updates on the Vulnerability Disclosure Program?
Fill up the form below and a friendly Gametize representative will be in touch. Cheers!