Bitcoin Forum

Bitcoin => Project Development => Topic started by: bidybit on September 06, 2015, 08:24:05 AM


Title: BidyBit - Noticed a security vulnerability? Get paid for it!
Post by: bidybit on September 06, 2015, 08:24:05 AM
Noticed a security vulnerability?
www.bidybit.com
Send it to us! We will appreciate it and reward you depending on the impact and likelihood of the vulnerability.

Reported bugs will be assessed by BidyBit security team to see whether reported vulnerability is as bad as it is to determine amount of the reward. BidyBit team reviews incoming vulnerability reports in 30 days. Afterwards one of our team members will contact you for either a) finding out more about the vulnerability and eventually reward you or b) send conclusion about identified vulnerability and amount of the reward. Please report a potential security issue ASAP.

BidyBit not only rewards you with monetary value, but as well as you will be included in our hall of fame of bug hunters depending on the sophistication, impact and likelihood of the bug. We are mainly looking for the following type of vulnerabilities:

  • Cross-Site Scripting;
  • Remote Code Execution;
  • Cross-Site Request Forgery;
  • Information Disclosure;
  • Content Spoofing;
  • and et cetera.
.
.
So if you got anything to report, please send it to security@bidybit.com (SUBJECT: Security vulnerability). Recommended layout of the vulnerability reporting is following (we highly suggest you to follow it in order to speed up evaluation process):

  • Layout is based on four sections: 1. Observation (what happened, name of the type of the vulnerability, how the attack can be repeated)
    2. Risk 3. Potential impact 4. Recommendations to fix it;
  • Steps in your message explaining how to reproduce the bug. Links, videos, images, user names and other useful information/attachments are very welcome;
  • Clear explanation (KISS (keep it simple, stupid) principle).
.
.
AND PLEASE DO NOT PUBLICLY DISCLOSE THE VULNERABILITY BEFORE WE HAVE FIXED IT.

Best of luck and regards,
BidyBit | Support Center

Title: Re: BidyBit - Noticed a security vulnerability? Get paid for it!
Post by: bidybit on September 06, 2015, 08:28:43 AM
official thread for our game on this forum:
https://bitcointalk.org/index.php?topic=1139941.0

Title: Re: BidyBit - Noticed a security vulnerability? Get paid for it!
Post by: bidybit on September 07, 2015, 10:42:15 AM
So if you got anything to report, please send it to security@bidybit.com (SUBJECT: Security vulnerability).

Title: Re: BidyBit - Noticed a security vulnerability? Get paid for it!
Post by: jdebunt on September 07, 2015, 05:12:33 PM
Interesting strategy, curious to see what people can come up ith! (hopefully nothing, but no system is 100% secure)

Title: Re: BidyBit - Noticed a security vulnerability? Get paid for it!
Post by: bidybit on September 10, 2015, 01:31:50 AM
Quote from: jdebunt on September 07, 2015, 05:12:33 PM
Interesting strategy, curious to see what people can come up ith! (hopefully nothing, but no system is 100% secure)
That is correct no system can be 100% secure, but we are making sure that our's stays at the 99.9% level.

Title: Re: BidyBit - Noticed a security vulnerability? Get paid for it!
Post by: melisande on September 13, 2015, 08:13:47 AM
I cant see any bug either but the website response very fast to clicking though one of the games that I like is in progress.


Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines