Bitcoin Forum>Bitcoin>Development & Technical Discussion
Pages:
Author

Topic: Ice-Dice.com Bug Bounty Program On Testnet Subdomain - page 2. (Read 2200 times)

icedicedavid
full member
Activity: 154
Merit: 100
Ice-Dice.com | Massive Referral Bonus!
Re: Ice-Dice.com Bug Bounty Program On Testnet Subdomain
October 25, 2013, 10:30:31 PM
#1
Ice-Dice.com understands the important of security and the safety of our customers and investors bitcoins is very important to us. This is why we are launching our bug bounty program and launched our Testnet subdomain http://testnet.ice-dice.com for security researchers to find vulnerabilities.

We ask all security researchers to:

- Do not test on the main site, use http://testnet.ice-dice.com only! If you exploit the main site, you will not be eligible for rewards!
- Providing us a reasonable amount of time to fix the issue before publishing it elsewhere.
- Making a good faith effort to not leak or destroy any production user data (testnet website is fine)
- Not defrauding Ice-Dice.com users or Ice-Dice.com itself in the process of discovery.
- In order to encourage responsible disclosure, we promise not to bring legal action against researchers who point out a problem provided they do their best to follow the above guidelines.

Rewards

The minimum payout is 0.5 bitcoin for reporting a previously unknown security vulnerability of sufficient severity. There is no maximum reward, and we may award higher amounts based on severity or creativity of the vulnerability found.

We also provide attribution as a thank you.

Eligibility

We reserves the right to decide if the minimum severity threshold is met and whether it was previously reported.

In general, anything which has the potential for financial loss or data breach is of sufficient severity, including:

- XSS
- CSRF
- Authentication bypass or privilege escalation
- Click jacking
- Remote code execution
- Obtaining user information

In general, the following would not meet the threshold for severity:

- Vulnerabilities on sites hosted by third parties unless they lead to a vulnerability on the main website
- Denial of service
- Spamming
- Vulnerabilities in third party applications

To Submit a bug report, please email [email protected] with the following:

- Description and potential impact
- Steps to reproduce the issue or a proof of concept

Severe Awards
- none yet

Non-Severe Awards (Bugs that will not cause financial loss or data breach)
- Christy Philip Mathew - @christypriory
- Issam Rabhi - @Issam_Rabhi
- Anand M
- Siddhesh Gawde
- Sahil Saif
Pages:
Bitcoin Forum>Bitcoin>Development & Technical Discussion
Jump to: