Reporting Security Vulnerabilities
If you believe you have found a security vulnerability on Airship, we appreciate your responsible disclosure to our team through our dedicated security email: security@easy.gg
In your disclosure, please include the following information:
- A summary of the vulnerability.
- A description of the impact of the vulnerability.
- Steps to reproduce the vulnerability.
For all valid disclosures, our team will confirm receipt of your report and keep you updated of our remediation progress.
Bounty Program
As an additional incentive for responsible disclosure, Easy Games may, at our discretion, award bounties for correctly disclosed vulnerabilities. The severity of the vulnerability will be determined by our team after a full disclosure has been made.
| Severity | Bounty |
|---|---|
| Low | $0-$100 |
| Medium | $100-$500 |
| High | $500-$1,000 |
| Critical | $1,000-$2,500 |
Good Faith Security Research
All vulnerability research must be conducted in good faith. This means:
- Your research must consist exclusively of good faith testing, investigation, or correction of a security flaw, with the primary goal of promoting the safety of the class of devices, machines, or online services to which any accessed computers belong.
- You will not violate Airship users' security and privacy, and will not harm individuals or the public.
- Your research will proceed only as far as necessary to demonstrate or clarify the security issue, and no further.
- If a vulnerability provides unintended access to data, you will limit the amount of data you access to the minimum required for effectively demonstrating a proof of concept. Stop the research and submit a report immediately if you encounter any user data during testing, such as personal information, financial information, or proprietary information.
- You will report the findings of your research to us within 72 hours of determining a potential security concern via our security email: security@easy.gg
- You will provide us with a reasonable amount of time to resolve the issue before you disclose it publicly. We expect to fix most security vulnerabilities within 30 days.
- You may only interact with accounts you own or with explicit written permission from Easy Games or the account owner.
- No stunt hacking.
- No extortion or harassment.
Safe Harbor
We consider Good Faith Security Research to be authorized activity that is protected from adversarial legal action by us. This means that, for activity conducted while this program is active, we:
- Will not bring legal action against you or report you for Good Faith Security Research, including for bypassing technological measures we use to protect the applications in scope; and,
- Will take steps to make known that you conducted Good Faith Security Research if someone else brings legal action against you.
Note that for the purposes of safe harbor, Easy Games does NOT waive a right to pursue remedies against security research activities targeting other Airship customers' resources, operations, or users.