Gametize Academy

Coming Soon: Vulnerability Disclosure Program

Launching in Q1 2023

At Gametize we champion continuous improvement of our product, that is where our Vulnerability Disclosure Program comes in. With help from you, we ensure the Gametize Platform is always up to the latest standards in security and user experience.

This program is perfect for anyone who has an interest in cybersecurity and wishes to make the web a safer place, or for anyone that has an interest to make Gametize a better platform with less bugs.  

The Vulnerability Disclosure Program will be launching in Q1 2023, so watch this space

Refer to the information below to see if this is something you’d want to contribute to. Meanwhile, please do not send us any reports until this program officially launches as they may not be considered.

Your Vulnerability Disclosure Program Participation

Please include the details requested below when submitting a vulnerability report to Gametize. All reports should be submitted in English.

  • Demonstrate working proof-of concept of the vulnerability with reproducible steps
  • Clearly explain the security implications (i.e. how will the attacker benefit and the consequences of such an attack on our users)
  • Submit only one vulnerability per report, unless the vulnerabilities are related (Note that multiple vulnerability reports related to a single underlying issue will be treated as one report)

Terms & Conditions

Gametize reserves the right to modify these terms and conditions at any time.

Eligibility Requirements

Follow the Rules

  • Do not steal, violate or compromise the data and privacy of users
  • Do not violate Gametize’s terms and conditions and privacy policy
  • Do not violate any applicable laws or regulations
  • Do not violate any terms in Amazon Web Service’s pen-test policy
  • Do not disclose, retain, duplicate, or otherwise communicate to any third parties any Personally Identifying Information (PII) encountered while conducting your tests
  • Do not publicly disclose vulnerabilities without our explicit permission
  • Do not engage in destructive automated testing
  • Do not incur any loss of funds that are not your own
  • Do not mass-create accounts to engage in testing 
  • Do not conduct tests on accounts that do not belong to you, unless you have the written permission of the owner of those account(s)
  • Do not attempt to extort us – please research and disclose vulnerabilities to us in good faith

Reward Terms

  • You are responsible for any applicable taxes related to the rewards awarded by this programme
  • It is entirely up to Gametize’s discretion whether to reward participants, and to determine the type and amount of rewards

Ineligible Vulnerabilities

Vulnerability reports that involve the following are not eligible for the Vulnerability Disclosure Program.

  • Attacks requiring physical access to a user’s device
  • Spam or social engineering techniques
  • Content spoofing and text injection issues without showing an attack vector/without being able to modify HTML/CSS
  • Denial-of-service attacks (Network and application layers)
  • Disclosure of server or software version numbers
  • Missing best practices in Content Security Policy
  • Missing best practices in SSL/TLS configuration
  • Missing email best practices (invalid, incomplete or missing SPF/DKIM/DMARC records, etc.)
  • Missing HttpOnly or Secure flags on cookies
  • Forms missing CSRF tokens
  • Self-XSS
  • Open redirects
  • Reports exploiting the behavior of, or vulnerabilities in, outdated browsers and platforms (e.g. tabnabbing)
  • User/content enumeration
  • Issues relating to unlocking client-side features in modified Gametize applications, rooted devices, or jailbroken devices
  • Issues related to software or protocols not under Gametize control
  • Issues related to intentional design of Gametize features and its functionality
  • Issues without clearly identified security impact
  • Publicly announced zero-day vulnerabilities that have an official patch for less than 1 month are generally inadmissible but will be assessed on a case by case basis

What's in it for you?

Earn points to redeem stuff

Redeem rewards such as Gametize t-shirts, gift credits and free subscriptions to the Gametize Platform.

We are still thinking of more cool rewards to offer, so watch this space!

Gametize Vulnerability Disclosure Program Certificate

Add our certification to your portfolio to upgrade your credentials.

Be part of our community

You’ll become a part of an innovative community that transforms the way we work and play. Learn from each other, share insights, and grow with us.

Do you want to receive updates on the Vulnerability Disclosure Program?

Fill up the form below and a friendly Gametize representative will be in touch. Cheers!

* indicates required
Which program(s) would you like to join?
Where did you hear about us?