DREAMDATA BUG BOUNTY PROGRAM

Data security together

Are you a security researcher and have found a vulnerability in Dreamdata’s application? We want to hear from you. If your identified vulnerability concerns a target that is within the scope of our bounty program, you may receive a bounty payout according to the program description (see below).

The Dreamdata Bounty Program adheres to the Bugcrowd Vulnerability Rating Taxonomy for the prioritization/rating of findings.

PAYOUT

Payout will be in the form of an Amazon giftcard with the values listed below.

P1: $500

P2: $250

P3: $100

P4: $50

TARGETS

Primary Targets (In Scope):

• app.dreamdata.io

• api.dreamdata.io

• cdn.dreamdata.cloud 

Out of Scope Targets:

• dreamdata.io

• auth.dreamdata.io & authenticate.dreamdata.io

• status.dreamdata.io

• docs.dreamdata.io

OUT OF SCOPE

• Denial of service attacks 

• Social engineering

• Lack of rate-limiting

• Brute forcing attacks

CODE OF CONDUCT

• You are able to demonstrate the vulnerability, example in an detailed step by step guide or video.

• You can show it’s actually vulnerability not “just” bad practice.

• Denial of service, spam, or phishing attacks are considered abusive and out of scope.

• Do not exfiltrate Dreamdata customer or employee data under any circumstance. Please contact us immediately if you think this is possible, or you have done so inadvertently. We will work with you to assess the full impact of the vulnerability and award you appropriately.