Bug Bounty Program
Bug bounty program
No technology is perfect, and Who's Insane believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you've found a security issue in our product or service, we encourage you to notify us. We welcome working with you to resolve the issue promptly.
Bounty rules
Only test on accounts and Discord servers you directly own
Testing should never affect other users or servers
Don't perform any actions that could harm the reliability or integrity of our services and data (brute forcing, DoS, etc...)
Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.
Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.
No information about issues found should be publicly disclosed or shared until we've confirmed the completion of the resolution
Non-qualifying vulnerabilities and exclusions
Denial of service
Spamming
Social engineering (including phishing) of Who's Insane staff or contractors
Any physical attempts againstWho's Insane property or data centers
Vulnerabilities in APIs we integrate with (e.g Twitch or YouTube)
Email SPF and DMARC records
Open CORS headers
Publicly accessible login panels
Brute force attacks
Safe Harbor
Any activities conducted in a manner consistent with this policy will be considered authorized conduct and we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.
Rewards
Please note that Who's Insane reserves the right to award the reward at its sole discretion.
Thank you for helping keep Who's Insane and our users safe!