Banner object (1)

Hack and Take the Cash !

676 bounties in database
04/09/2018

Reward

50 $ 

BOHEMIA INTERACTIVE a.s.

Bohemia Interactive is committed to improving our overall security as well as providing a better gaming experience for our players. To build upon this further, we now offer bug bounty program to reward security researchers dedicating their time to make our virtual worlds safer. If you find a security bug that falls within our scope, we are happy to work with you on resolving the issue and ensuring you are fairly rewarded for your discovery.

If you have additional questions or concerns about the program, feel free to contact us at bounty@bistudio.com

Scope

Make sure that the issue you are reporting falls within our scope. Vulnerabilities outside of the scope are not eligible for monetary reward. Critical vulnerabilities outside of the scope might be considered on a case by case basis, although it might be better to contact us at bounty@bistudio.com and ask before dedicating time to such issues.

In case of our games, we are interested in all kinds of cheats, memory/packet manipulation, exploitable functions and other ways to disrupt player experience.

Domains(including their subdomains) within scope

  • bistudio.com
  • bohemia.net
  • ylands.com
  • ylands.net
  • arma2.com
  • arma3.com
  • dayz.com
  • armamobileops.com
  • minidayz.com
  • vigorgame.com

Games partially in scope

DayZ Standalone

  • We currently accept ONLY critical issues until the official inclusion of DayZ into the public program

Arma 3

  • We currently accept ONLY critical issues until the official inclusion of Arma 3 into the public program

Ylands

  • We currently accept ONLY critical issues until the official inclusion of Ylands into the public program

Console titles/versions (DayZ, Vigor ...)

  • We currently accept ONLY critical issues

Scope exclusions

Web

  • Third party software such as forums (https://ylands.com/community/ __, Invision forums)
  • vpn.bistudio.com
  • jury.bistudio.com
  • master.bistudio.com
  • SSL certificate issues
  • Outdated JavaScript libraries
  • Host header injection (without a security risk proof of concept)

Non-qualifying vulnerabilities

  • Issues in 3rd party software (Steam, BattlEye, Invision forums ...)
  • Single player/editor issues which do not affect multiplayer environment
  • Vulnerabilities working only on modded or otherwise manipulated servers
  • Denial of Service attacks
  • Physical attacks against offices and data centers
  • Social engineering of our service desk, employees or contractors
  • Bruteforce password cracking of accounts or services

Please report any gameplay bugs, exploits or crashes on our official feedback tracker https://feedback.bistudio.com/ __

Reward System

Rewards for specific kinds of issues will be awarded based on several factors such as severity/impact of the issue and overall quality of the report. Some projects might have different reward ranges in which case they will be listed here separately. Similar issue in one project might result in different reward in another.

If you encounter an issue in one domain and then report the same issue in another domain, it might be considered a duplicate. If you want to maximize your possible reward, please report all of the affected domains at once.

Product keys - If your reported issue is not severe enough to warrant a reward but is confirmed as an unknown issue, you may be rewarded with a Steam product key. Please note that the type of reward is decided by Bohemia Interactive a.s. and is not negotiable

Terms & conditions

  • Bohemia Interactive reserves the right to decide if the minimum severity threshold is met and whether the issue has been reported previously.
  • Rewards are granted entirely at the discretion of BI. Rewards are not negotiable.
  • Bohemia Interactive will not cover any expenses needed for bug bounty testing, such as product keys.
  • Bohemia Interactive is not responsible if your account becomes banned or corrupted during testing.
  • Only the first reporter of the issue will be rewarded. Duplicate reports of the issue are not eligible for a reward, unless the first ticket isn't clear enough to qualify for the bounty.
  • Our bug bounty program is limited strictly to technical security vulnerabilities of BI applications or services listed in the scope. Any activity that would disrupt, damage or adversely affect any third-party data or accounts is not allowed.
  • Payments are made through HackerOne only. https://www.hackerone.com/terms __
  • Bounties are awarded at a time of issue confirmation.
  • Disclosing the issue before it is fixed may result in a ban from the program.
  • We reserve the right to modify the terms of this program or terminate this program at any time.
Thanks
Gift
Hall of Fame
Reward


List your Bug Bounty for free immediately!

Contact us if you want more information.

FireBounty (c) 2015-2018