What is CCP's stance on bug bounty / security issue discoveries?


(Tyleritus) #1

Hi @CCP_Avalon, whats CCPs point of view on bug bounty or users looking for security issues like XSS etc? If we fidn any what is the process.

Thanks!


RSS/Atom feeds
(ISD Max Trix) #2

Should you think that you may have discovered an unknown exploit, please report it directly to us through the “Exploit” category in a support ticket. Furthermore please always remember that exploit abuse carries repercussions as outlined in the EVE Online Terms of Service.

Please bear in mind that publishing steps on how to abuse game errors or making a game feature appear erroneous for personal gain will be treated in the same manner as publishing an exploit, independently of whether or not there is an actual issue. Report all erroneous game behavior immediately.

From this support Article https://support.eveonline.com/hc/en-us/articles/204873262-Known-Declared-Exploits

I am not sure if there is a reward for finding exploits. I think there was one at one point but I can not find the article on it.


(Mabel Honeycomb) #3

The new EVE Online forums are hosted and powered by discourse, if you encounter any exploits in the forum software please report it directly to discourse over here: https://hackerone.com/discourse


(CCP Random) #4