Rules for you
- Don’t attempt to gain access to user accounts or user data
- Don’t perform any attack that could harm the reliability/integrity of our services or data. DDoS/spam attacks are not allowed
- Don’t publicly disclose a bug before it has been fixed
- Only test for vulnerabilities on properties and software you know to be operated by DADI and listed under Open bounties. Some products hosted on subdomains of Dadi.tech are operated by third parties and should not be tested
- Do not impact other users with your testing. We may suspend your DADI account if you do so
- Don’t use scanners or automated tools to find vulnerabilities. They’re noisy and we may suspend your DADI account
- Never attempt non-technical attacks such as social engineering, phishing, or physical attacks against our employees, users, or infrastructure
- When in doubt, contact us
Rules for us
- We will respond as quickly as possible to your submission
- We will keep you updated as we work to fix the bug you submitted
- We will not take legal action against you if you play by the rules
What does not qualify?
- Bugs that don’t affect the latest version of modern browsers (Chrome, Firefox, Edge, Safari). Bugs related to browser extensions are also out of scope
- Bugs requiring exceedingly unlikely user interaction
- Insecure cookie settings for non-sensitive cookies
- Disclosure of public information and information that does not present significant risk
- Bugs that have already been submitted by another user, that we are already aware of, or that have been classified as ineligible
- Bugs in apps not listed under Open bounties are generally not eligible. Look at individual bounties for details on scope
- Bugs in content/services/products that are not owned/operated by DADI. This includes our users’ code and third party services operating within our infrastructure
- Vulnerabilities that DADI determines to be an accepted risk will not be eligible for a paid bounty or listing on the site
- Scripting or other automation and brute forcing of intended functionality
- For guidance, we have listed the vulnerability classifications we use to organize submissions made to the Bounty program
- When in doubt, contact us
DADI API is a high performance RESTful API layer designed in support of API-first development and the principle of COPE.
Because API sits at the heart of the DADI platform, security has always been a high priority.
Rewards range from $200 up to $5,000 and are determined at our discretion based on a number of factors.
DADI CDN is a JIT asset manipulation and delivery application, providing a complete content distribution solution.
DADI CDN provides content manipulation for many high profile businesses, making security of utmost importance.
Rewards range from $100 up to $2,500 and are determined at our discretion based on a number of factors.