We want to keep all our products and services safe for everyone. If you've discovered a security vulnerability, we appreciate your help in disclosing it to us in a responsible manner. We provide a bug bounty program to better engage with security researchers and hackers. The idea is simple: you find and report vulnerabilities through responsible disclosure process. After they are confirmed we recognize your effort by putting your name/nick, avatar and link in the table below and reward you a bounty paid in Bitcoins!
We've paid bounties to the following world-class hackers:
We promise not to bring legal action against researchers who point out a problem provided they do their best to follow the above guidelines. We reserve the right to decide if the the bug is real and serious enough to receive the bounty. We will also change our software to preemptively close possible security holes, even though we know they are not vulnerabilities at the present time. This means we may change our code in response to a report, even though the issue cannot actually be used as an attack. In other words, we don't pay bounties for unproven, theoretical issues, but we reserve the right to patch them anyway. Show us a working exploit if you want to prove it's a true vulnerability.
For reference, please consider the following list of things we want to know about:
In general, these are not too interesting to us: