Bug bounty program
No technology is perfect, and SiennaNation believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you've found a security issue in our product or service, we encourage you to notify us. We welcome working with you to resolve the issue promptly.
Bounty rules
- Only test on accounts and Discord servers you directly own
- Testing should never affect other users or servers
- Don't perform any actions that could harm the reliability or integrity of our services and data (brute forcing, DoS, etc.)
- Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.
- Provide us with a reasonable amount of time to resolve the issue before any disclosure to the public or a third party.
- No information about issues found should be publicly disclosed or shared until we've confirmed that the issue has been resolved
Non-qualifying vulnerabilities and exclusions
- Denial of service
- Spamming
- Social engineering (including phishing) of SiennaNation staff or contractors
- Any physical attempts against SiennaNation property or data centers
- Vulnerabilities in APIs we integrate with (e.g., Twitch or YouTube)
- Email SPF and DMARC records
- Open CORS headers
- Publicly accessible login panels
- Reports on the subdomain help.SiennaNation.xyz
- Brute force attacks
Safe Harbor
Any activities conducted in a manner consistent with this policy will be considered authorized conduct and we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.
Rewards
- Critical impact: US$20
- High impact: US$15
- Medium impact: US$10
- Low impact: US$5
Please note that SiennaNation reserves the right to award the reward at its sole discretion.
Thank you for helping keep SiennaNation and our users safe!