You must not
- Attempt to access to user accounts or user data
- Share publicly any bug you discover until it has been fixed
- Test for vulnerabilities on properties and software not listed under Open bounties. Some products hosted on subdomains of Dadi.tech are operated by third parties and must not be tested
- Impact other users. Your DADI account may be suspended if you do so
- Carry out any attack that may harm the reliability/integrity of our services or data. DDoS/spam attacks are strictly forbidden
- Use scanners or automated tools, again we may suspend your DADI account
- Try any non-technical attacks such as social engineering, phishing, or physical attacks against our employees, users, or infrastructure
- When in doubt, contact us
- Respond to your submission as soon as we can
- Keep you updated on our progress in fixing the bug you submitted
- Not take legal action against you if you have followed the rules
- Answer any questions you have via our contact page
Things to bear in mind
- We are only interested in bugs that affect latest versions of modern browsers (Chrome, Firefox, Edge, Safari), and no bugs that relate to browser extensions please
- We will not tolerate scripting or other automation or brute forcing of intended functionality
- Apps not listed under Open bounties are generally not eligible for bug bounties. You’ll find more details on scope in individual bounties
- Bugs that occur as a result of extremely unlikely user interaction will be ignored
- We will not consider bugs in content/services/products that are not owned/operated by DADI, including our users’ code and third party services operating within our infrastructure
- Insecure cookie settings for non-sensitive cookies do not qualify
- Any vulnerabilities that DADI determines to be an accepted risk will not be eligible
- We have listed the vulnerability classifications we use to organize any submissions made to the Bounty program. Please use this for guidance
- Any bug submitted by another user will not qualify, nor will those we are already aware of, or any that have been classified as ineligible
- As always, if you have a question, contact us
DADI API is a high performance RESTful API layer designed in support of API-first development and the principle of COPE.
Because API sits at the heart of the DADI platform, security has always been a high priority.
Rewards range from $200 up to $5,000 and are determined at our discretion based on a number of factors.
DADI CDN is a JIT asset manipulation and delivery application, providing a complete content distribution solution.
DADI CDN provides content manipulation for many high profile businesses, making security of utmost importance.
Rewards range from $100 up to $2,500 and are determined at our discretion based on a number of factors.