19446 policies in database
Link to program      
2021-07-07
Unity Technology logo
Thank
Gift
HOF
Reward

Reward

100 $ 

Unity Technology

Unity Technologies is committed to helping game developers build games easily and in a secure fashion. As part of this we encourage security researchers to test our security and find the things we miss. We look forward to seeing what you find!

What we expect from you

  • Send us a full, detailed report (discussed below) as soon as possible upon discovery of a potential security issue
  • Refrain from any disclosure to the public or a third-party before resolution of the issue.
  • Make a good faith effort to avoid privacy violations, destruction/modification of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.
  • If you have compromised a Unity server you will not use it for further chained attacks.
  • Clean up after your tests. Both automated and manual tests can leave a number of dummy and spam entries, so we ask you to do your best to remove them after you're finished.
  • By sending us a report or otherwise participating in our bug bounty program, you agree that you have read and understood this policy and agree to all its terms.

What you can expect from us

  • We will respond to your bug report as quickly as we can.
  • We will keep you updated on the progress of getting the issue fixed.
  • Reward decisions are made once a week.

Ratings/Rewards:

For the initial prioritization/rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher - along with the opportunity to appeal, and make a case for a higher priority.

Scope and rewards

Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email support@bugcrowd.com. We will address your issue as soon as possible.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.

This bounty requires explicit permission to disclose the results of a submission.

In Scope

Scope Type Scope Name
api

api.unity.com

undefined

Latest Supported LTS versions of the Unity Editor ( 2018.x / 2019.x / 2020.x )

undefined

Unity Hub

web_application

www.unity3d.com

web_application

id.unity.com

web_application

dashboard.unity3d.com

web_application

store.unity.com

web_application

pay.unity.com

web_application

analytics.cloud.unity3d.com


This policy crawled by Onyphe on the 2021-07-07 is sorted as bounty.

FireBounty © 2015-2021

Legal notices