Bohemia Interactive is committed to improving our overall security as well as
providing a better gaming experience for our players. To build upon this
further, we now offer bug bounty program to reward security researchers
dedicating their time to make our virtual worlds safer. If you find a security
bug that falls within our scope, we are happy to work with you on resolving
the issue and ensuring you are fairly rewarded for your discovery.
If you have additional questions or concerns about the program, feel free to
contact us at firstname.lastname@example.org
Make sure that the issue you are reporting falls within our scope.
Vulnerabilities outside of the scope are not eligible for monetary reward.
Critical vulnerabilities outside of the scope might be considered on a case by
case basis, although it might be better to contact us at
ask before dedicating time to such issues.
In case of our games, we are interested in all kinds of cheats, memory/packet
manipulation, exploitable functions and other ways to disrupt player
Domains(including their subdomains) within scope
Games partially in scope
- We currently accept ONLY critical issues until the official inclusion of DayZ into the public program
- We currently accept ONLY critical issues until the official inclusion of Arma 3 into the public program
- We currently accept ONLY critical issues until the official inclusion of Ylands into the public program
Console titles/versions (DayZ, Vigor ...)
- We currently accept ONLY critical issues
- Third party software such as forums (https://ylands.com/community/ __, Invision forums)
- SSL certificate issues
- Host header injection (without a security risk proof of concept)
- Issues in 3rd party software (Steam, BattlEye, Invision forums ...)
- Single player/editor issues which do not affect multiplayer environment
- Vulnerabilities working only on modded or otherwise manipulated servers
- Denial of Service attacks
- Physical attacks against offices and data centers
- Social engineering of our service desk, employees or contractors
- Bruteforce password cracking of accounts or services
Please report any gameplay bugs, exploits or crashes on our official feedback
tracker https://feedback.bistudio.com/ __
Rewards for specific kinds of issues will be awarded based on several factors
such as severity/impact of the issue and overall quality of the report. Some
projects might have different reward ranges in which case they will be listed
here separately. Similar issue in one project might result in different reward
If you encounter an issue in one domain and then report the same issue in
another domain, it might be considered a duplicate. If you want to maximize
your possible reward, please report all of the affected domains at once.
Product keys - If your reported issue is not severe enough to warrant a
reward but is confirmed as an unknown issue, you may be rewarded with a Steam
product key. Please note that the type of reward is decided by Bohemia
Interactive a.s. and is not negotiable
Terms & conditions
- Bohemia Interactive reserves the right to decide if the minimum severity threshold is met and whether the issue has been reported previously.
- Rewards are granted entirely at the discretion of BI. Rewards are not negotiable.
- Bohemia Interactive will not cover any expenses needed for bug bounty testing, such as product keys.
- Bohemia Interactive is not responsible if your account becomes banned or corrupted during testing.
- Only the first reporter of the issue will be rewarded. Duplicate reports of the issue are not eligible for a reward, unless the first ticket isn't clear enough to qualify for the bounty.
- Our bug bounty program is limited strictly to technical security vulnerabilities of BI applications or services listed in the scope. Any activity that would disrupt, damage or adversely affect any third-party data or accounts is not allowed.
- Payments are made through HackerOne only. https://www.hackerone.com/terms __
- Bounties are awarded at a time of issue confirmation.
- Disclosing the issue before it is fixed may result in a ban from the program.
- We reserve the right to modify the terms of this program or terminate this program at any time.
Hall of Fame