Bug Bounty Program
If you believe you have found a security vulnerability on CS:GO Blackjack, we encourage you to let us know right away. Before reporting though, please review this entire page to get an understanding how our bug bounty program works.
To qualify for a bounty, you must:
- Be the first person to responsibly disclose the bug
Report a bug that could compromise the integrity of user data, circumvent the privacy protections of user data, or enable access to a system within our infrastructure or the CS:GO Blackjack accounts, such as:
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF/XSRF)
- Broken Authentication
- Circumvention of our Platform/Privacy permission models
- Remote Code Execution
- Privilege Escalation
- Provisioning Errors
- Any other error at server-level
- Make every effort to use a test account instead of a real account when investigating bugs. When you are unable to reproduce a bug with a test account, it is acceptable to use a real account, except for automated testing.
- Not interact with other accounts without the consent of their owners.
- Bounties are awarded at the discretion of CS:GO Blackjack team
- Bounties are ONLY awarded in CS:GO skins
- There is no maximum reward: each bug is awarded a bounty based on its severity and creativity.
- Only one bounty per security bug will be awarded
- We only pay individuals
What you should include in your report
- Detailed steps in your message explaining how to reproduce the bug.
- Clear descriptions of any accounts used in your report and the relationships between them.
Report a bug
If you have found a bug on our website, please send the details of what the bug allows you to do, and step-by-step instructions on how to replicate the bug. If you wish, you can also send us a video (uploaded to Youtube and must be marked as private so only we can see it). Please send all information to support page.