- Policy
- Security Stance
- Security and transparency are top priorities at Chaturbate. Networks are dynamic. The technology, users, data in the systems, risks, and security requirements are ever-changing. Chaturbate knows that security is never perfect and can never be taken for granted. People will discover new ways to intentionally or unintentionally bypass or subvert security.
- Time can expose new vulnerabilities, and the most effective way to counteract these vulnerabilities is to become aware of them quickly and to fix them immediately, with rewards for you.
- Reporting Guidelines
- Submitting clear, detailed reports is highly encouraged. Each report should explain one vulnerability in detail, identify its impact, and most importantly include steps or "proof of concept" instructions to reproduce the issue.
- Very low-quality reports, such as those which only contain automated output, will be rejected.
- Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.
- Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third party.
- Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of service.
- Only interact with accounts you own or with explicit permission of the account holder.
- Include attachments such as screenshots or proof of concept code as necessary.
- Disclose the vulnerability report directly and exclusively to us.
- Rewards
- Please see our reward table above.
- To qualify for a reward under this program, you should be the first to report the vulnerability.
- Scope
- At this time, the scope of this program is limited to security vulnerabilities found on Chaturbate and its supporting services. Vulnerabilities reported for other properties may be considered on a case-by-case basis.
- Exclusions
- While researching, refrain from:
- Interfering with other users of the site
- Denial of service
- Spamming
- Social engineering (including phishing) of staff or contractors
- Any physical attempts against property or data centers
- Scripting or other automation and brute forcing of intended functionality
- The following reports do not qualify
- Reports against other sites, such as "stream ripping" or "stream capping" sites
- Reports that involve manipulating the room user count
- Bugs requiring exceedingly unlikely user interaction
- HttpOnly and Secure cookie flags
- Reports of software version disclosure
- Reporting vulnerabilities that are deemed as accepted risks
- Bugs that don’t affect the latest version of modern browsers, or browser extensions.
- Safe Harbor
- Any activities conducted in a manner consistent with this policy will be considered authorized conduct and we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.
- Thank you for helping keep Chaturbate and our users safe!
- Last updated on July 18, 2018.