i knew but statement above from Staff said suspended forever , thats why i asked.
This topic has been temporarily closed due to off-topic discussion. As noted earlier, only support can respond to questions related to individual accounts.
Iāve re-opened the topic for now. Please make sure your post is directly related to the vulnerability bug bounty program. For example, discussing disciplinary actions is off-topic.
@Barrista. Sounds like bad boards to me. I have been beaten by a weaker team. Tiles are 70% of damage dealt. You get a bad board you get defeated or on a titan a low score.
@mhalttu I recently submitted a bug which you accepted yourself. Could you explain what the various levels P1-P5 requirements are and their monetary values. Feel free to PM me if you donāt want to discuss on the forum.
Thank you for the report! Iāll answer here on a high level, and will contact you separately through BugCrowd.
- Due to the way BugCrowd works, there are two programs: Paid Bounty and Public Vulnerability Disclosure Program (PVD). The former is invite-only and provides real-money bounties. The latter is open for public.
- If you report a valid vulnerability through PVD, you can request a bounty. In that case, I can invite you to the Paid Bounty program. You can then re-submit your finding and I can pay out the bounty there. Itās a bit inconvenient process, but it seems like this is the best BugCrowd can offer.
- The priority levels are as follows. Iāll write the paid bounty range in parenthesis.
- P1: Critical ($2,800 - $4,500)
- P2: Severe ($1,000 - $1,400)
- P3: Moderate ($350 - $500)
- P4: Low ($150 - $175)
- P5: Informational (no bounty)
- We are also able to give a reward up to $10,000 for an exceptional submission
- All of these numbers are coming from BugCrowd, and may change in the future.
Yes there are. SGG too busy gazing their collective navel rather than work on improving and fixing game.
Azlar damage to all enemies is greater than the 205%.
I know I shouldnāt feed a troll, but this comment doesnāt make any sense. The whole point of this program is about Small Giant paying a fair reward to learn about bugs that we have been unable to discover ourselves.
There are much larger companies than us who have a similar program. Surely a trillion dollar company like Apple doesnāt have any vulnerabilities? If you havenāt seen this list, itās pretty eye-opening: About the security content of iOS 14.2 and iPadOS 14.2 - Apple Support.
Letās try to keep the discussion constructive and on the topic.
Good luck with that
Hi,
This was not meant to Troll you but rather was my first foray in trying to report an issue and replying to someone elseās comment. Somehow my reply got tagged to your comment.
If only you were as quick to respond to my ticket than you are to so-call āfeedā trolls, perhaps this game would be enjoyable again.
My point is not about the bounty program. Obviously, the community is in a much better position than the devs in finding issues, after all, we play this game to the fullest.
My point, however, is that there is a perceived reality that SGG is spending all their efforts on novelties and are slow at fixing and improving current product. Look at all the repeat issues reported and the timeline in fixing them.
Regards
This is really clear, and i understand thereās an official route to report a bug to undoubtedly reward the first person discover it.
But i want to make a consideration that of course is born after the Morlovia bug.
I donāt know if @CertainHeredity was the first to report the bug in the official way, but it surely was the first with the guts to say out loud here on the forum something that many before him tried to exploit rather then tell to you.
As such, i really hope you properly compensate him.
At the same way, there will probably people not really seasoned with the forum or the bounty program,but that may discover a bug and rather then take the official path as fast as they can, come just here and open a topic about that.
Then a sharper user could simply steal that discover and report it himself as fast as he can trying to claim the price.
Really hope before doing so and reward only the faster, you take a moment to consider which effectly was the first person trying to help you.
Otherwise is just a rat race.
We rewarded both the person who first reported the issue to us through BugCrowd as well as the person who first reported it to the player support.
In the future, the plan is to reward the first reporter. However, the preferred channel is absolutely through BugCrowd. I am personally reading every vulnerability report but I cannot read every message sent to the player support.
Being the first person to report a vulnerability on the forums is not something I want to reward for the obvious reasons.
Perhaps the best compromise is to have players not familiar with BugCrowd report first through customer support ( for time stamp ) and have customer support send an email referring them to BugCrowd.
or if BugCrowd has current, or future, infrastructure for contacting a user if customer support were to forward the ticket directly to BugCrowd. I am not sure BugCrowdās business model.
To clarify - Iām a
No, they didnāt, but it is not important to me at all. I didnāt do it to get a reward - I wanted fairness.
i have sent videos and screenshots as well as a description of the exploit using the contact form that was linked to my post. I donāt know if I was the first one to do so. doesnāt look like that, but it doesnāt matter to me either.
The really bad side of the story is that a very small part of the community have gone really really mad.
The fact that i used the same LineID as my ingame nick and the forum nick made me easy to find.
I received threats, insults, pictures and videos with ā ā ā , rape and violence fantasies from several hundred people via line. People who were blocked in the game sent me voice messages. They insulted me, screamed around and wished me an imminent death.
My line ID went through various E&P line groups and the group members were actively encouraged to insult and intimidate me.
People who were in an alliance with me were also victims of insults and harassment. We reported several users who were in the German speaking ingame-chats and insulted us.
For my protection and to protect the reputation of my alliance, I removed my forum avatar, deleted my line, renamed myself in the game and left my alliance - left my brothers in arms without a word. This whole situation really got me down and I hope that they wonāt find me again. I did nothing wrong. But others did. Maybe I can get a free rename without spending gems from SG - as a backup if they will find me again. That would be very very nice.
Wow, thatās the price for coming out and do what itās right to do. And nothing in return to mitigate it.
Surely not something encourage me to do the same. Anyone, i guess.
If i ever find something like this, iām really troubled if itās really worth report it.
From my part, maximum respect and empathy.
You and your friends donāt deserve this.
BugCrowd
Looks like SGG has a private BugCrowd area. Sort of like this forum software is run by Discourse.org for SGG
User ID
But given @CertainHeredity
unfortunate experience, I would definitely recommend using a different ( or disposable) email / User ID.
Perhaps @mhalttu might mention that in the top post.
Hi @CertainHeredity, I am really sorry to hear that you have experienced inappropriate, and even toxic or threatening behavior from any part of the Empires & Puzzles Community. We find this absolutely deplorable and have a zero-tolerance policy towards harassment.
If you are the victim of or witness inappropriate behavior in our game, please contact us so we can act swiftly to take all appropriate moderation action. Please contact support using the in-game support button, you can find more information here.
As with all support requests, it is important to include as much detail as possible, such as exact player names, Alliance names, time and date of the abuse, and any screenshots you may have.
Unfortunately, any inappropriate behavior that occurs outside of the game and our official channels (such as Line chat) is beyond our control. I would strongly recommend that you immediately contact the Customer Support for whichever Communication App, Forum, or Unofficial Group that was used when the incident(s) in question occurred as quickly as possible and with as much detail as possible.
If you still feel the need to change your name in-game, please contact Support and ask for me in the ticket, or you may PM directly here and we would be happy to grant you a free name change.