Vidio Logo

VIDIO BUG BOUNTY PROGRAM

Vidio invites security researchers, hackers, and the general public to participate in our Bug Bounty program, aimed at discovering and addressing security vulnerabilities in our website and mobile applications. We value your commitment to enhancing the security of our services and are eager to collaborate with you in this effort. If you find any method of stealing our content, please inform us as we are interested in exploring it further. Good luck and enjoy the hunt!


Reporting

If you believe you have discovered a security flaw in the Vidio service, please report it immediately. We will talk about it and work together to find a solution.

Please read and understand the following information and regulations before conducting a security research experiment on Vidio:

Reporting Step

You can report your findings to security [at] vidio.com by writing an explanation and sending it to them. The following items must be included in your report:


Rewards

Our rewards are impact-based. What that means is we will issue a relatively high reward for any vulnerability which potentially leaks sensitive user data, but that we will issue little to no reward for a vulnerability that allows an attacker to deface the microsite. When we have our reward meetings, we always ask one question: If a malicious attacker abuses this, how bad are we affected by it? We assume the worse and pay out the bug accordingly. If we receive a report for the same issue, we would only offer the bounty to the earliest reporter for which we had enough actionable information to identify the issue. We do not want to encourage people spamming us with vague issues in an attempt to be first.

At the end of the day, all reward payouts are at our discretion, but we aim to be fair. Some researchers won't agree with our decisions, but we are paying out to the best of our ethical ability and trust that the majority of researchers will consider their rewards fair and in many cases generous. We will adapt as the program continues. By receiving the reward, it would mean that the bounty has been accepted and the terms and conditions of not disclosing the bounty to public applies.


TERMS & CONDITIONS

Please keep in mind that your participation in the Bug Bounty Program is entirely voluntary and is subject to the terms and conditions outlined on this page ("Terms & Conditions"). You acknowledge that you have read and agree to these Program Terms by submitting a site or product vulnerability to Vidio.


Prohibited Testing


In-Scope Domain


In-Scope Vulnerability Classes

Content Protection and DRM Issues:

General Vulnerability Classes:


Out-of-scope Vulnerability Classes


Confidentiality

Bounty must keep confidential any related material or information about Vidio bugs that Bounty learns, either directly or indirectly, in writing, electronically, orally, or by examining natural objects ("Confidential Information"). Prizes may not disclose any Confidential Information to third parties, unless expressly permitted by Vidio. Bounty shall take reasonable steps to protect the confidentiality of, and avoid the disclosure and unauthorized use of, Confidential Information, including, but not limited to, restricting disclosure of such Confidential Information to third parties who have been advised of its confidential nature. And have agreed not to disclose or use such Confidential Information in any way other than as authorized by Vidio. Any unauthorized or suspected use or disclosure of Confidential Information by Bounty must be reported immediately to Vidio. Despite the foregoing, the Bounty has no obligation hereunder for any information that the Bounty knew prior to Vidio's exposure; was publicly available through no fault of the Bounty; was legally and legally disclosed to the Bounty by a third party without any obligation of confidentiality to Vidio; or was independently developed by Bounty without reference to Confidential Information.

Changes to Program Terms

Vidio reserves the right to change or cancel the Bug Bounty Program, including its policies, at any time and without notice. As a result, Vidio reserves the right to change these Program Terms and policies at any time by posting a revised version on our website. You accept the Program Terms, as amended, by participating in the Bug Bounty Program after Vidio posts the changes.


Hall of Fame

This page is dedicated to you. We are honored to have your name displayed here.