Community Central
Don't have an account?
Register
Register
Community Central
Community Central
35,363
pages
in: Staff blogs, Blog posts

Introducing the Fandom Bug Bounty Program

MisterWoodhouse
MisterWoodhouse 24 July 2019 User blog:MisterWoodhouse

Hello, all!

Today I am excited to announce another new project here at Fandom— our official bug bounty program. This program is starting on D&D Beyond, but we intend to expand it to our other platforms over time, arriving on Fandom and Gamepedia sometime next year.

What is a bug bounty program?[]

A bug bounty program is where we invite skilled security researchers/ethical hackers (AKA “white hat hackers”) to try to find security issues in our applications and report them to us responsibly. In return, we pay them bounties of different amounts depending on the severity of the vulnerability they report and the impact it could have to our users and our business. By leveraging the skill and tenacity of white hats, we can better improve the security of our sites while pursuing our other development projects without delays.

How does this work?[]

We have decided to use Bugcrowd as our bounty platform after comparing the major platforms. Prior to the Fandom/Curse merger, some Curse properties were covered by Bugcrowd under Twitch’s bug bounty platform, so there’s some familiarity for us.

At the moment, we have a “private” bounty program, in which Bugcrowd invites a select number of pre-vetted white hats to work on cracking D&D Beyond. Their findings are analyzed by a Bugcrowd engineer, who sends us all the necessary information to make an actionable Jira ticket for the development team. The researcher responsible for the finding is then paid based on the severity and potential impact of the weakness uncovered.

As our program expands, we will add more of our properties and increase the pool of researchers. When the new Fandom wiki platform launches, we will be extending bounty program invitations to Fandom users who have responsibly reported bugs and vulnerabilities over the years, allowing them to be rewarded for additional disclosures going forward.

Have questions? Leave them below and we’ll answer them as best we can!


MisterWoodhouse
Will "MisterWoodhouse" Kavanagh
Fandom Staff
Will was the Global Communications Lead at Fandom, but no longer works here. Before that, he was the Community Manager for Gamepedia and the Gaming Community Manager for Imzy. Outside of work, he hangs at the beach, explores breweries, plays golf, and lifts big weights for fun.
View Profile
Want to stay up to date on the latest feature releases and news from Fandom?
Click here to follow the Fandom staff blog.

Click here to sign up for the From the Desk of Community email newsletter.

Want to get real-time access to fellow editors and staff?
Join our Official Discord server for registered editors!
Community content is available under CC-BY-SA unless otherwise noted.