Are you a security researcher who found a vulnerability in Dreamdata’s application? We want to hear from you. If your identified vulnerability concerns a target within our bounty program's scope, you may receive a bounty payout according to the program description (see below).

The Dreamdata Bounty Program adheres to the Bugcrowd Vulnerability Rating Taxonomy for the prioritization/rating of findings.

PAYOUT

P1: $500*

P2: $250*

P3: $100*

P4: $50*

*Payout will be in the form of an Amazon giftcard with the values listed below.

TARGETS

In Scope Targets:

• app.dreamdata.io

• api.dreamdata.io

• cdn.dreamdata.cloud 

Out of Scope Tagets:

• dreamdata.io

• authenticate.dreamdata.io

• status.dreamdata.io

• docs.dreamdata.io

• developer.dreamdata.io

OUT OF SCOPE

• Denial of service attacks 

• Social engineering

• Lack of rate-limiting

• Brute-forcing attacks

CODE OF CONDUCT

• You can demonstrate the vulnerability, for example, in a detailed step-by-step guide or video.

• You can show it’s vulnerability not “just” bad practice.

• Denial of service, spam, or phishing attacks are considered abusive and out of scope.

• Do not exfiltrate Dreamdata customer or employee data under any circumstance. Please get in touch with us immediately if you think this is possible or if you have done so inadvertently. We will work with you to assess the full impact of the vulnerability and award you appropriately.