Does D&D Beyond have a bug bounty program that would allow security testers to legally identify and privately report security vulnerabilities in their website and products? I did a quick search of the website and forums and wasn't able to find anything (perhaps I wasn't looking in the right places).
Does D&D Beyond have a bug bounty program that would allow security testers to legally identify and privately report security vulnerabilities in their website and products? I did a quick search of the website and forums and wasn't able to find anything (perhaps I wasn't looking in the right places).
-
View User Profile
-
View Posts
-
Send Message
D&D Beyond FoundersHi there mediator,
no, there is no "bug bounty program"though thank you for your interest. :)
Curse/Twitch are part of the Amazon family of companies and have access to professional security experts, who conduct security testing.
Any attempts from individuals to identify security vulnerabilities on the D&D Beyond site will be assumed as a hostile act and dealt with accordingly.
Pun-loving nerd | Faith Elisabeth Lilley | She/Her/Hers | Profile art by Becca Golins
If you need help with homebrew, please post on the homebrew forums, where multiple staff and moderators can read your post and help you!
"We got this, no problem! I'll take the twenty on the left - you guys handle the one on the right!"🔊
Understood. Thanks for the quick response.
Worth noting that independent of DNDBeyond Twitch does have a responsible disclosure program which they manage through Bugcrowd.
Interesting that they're not extending it to their other properties.
This should be updated:
Fandom DOES have a bug bounty program and has encouraged reporting of security vulnerabilities per:
https://community.fandom.com/wiki/User_blog:MisterWoodhouse/Introducing_the_Fandom_Bug_Bounty_Program