Bug Bounty Program
Community-Powered Security
Protecting our shared digital space
The SQWARE Bug Bounty Program empowers community members to actively contribute to platform security and stability. By identifying and reporting vulnerabilities, you help protect our community-owned gaming ecosystem while earning recognition for your contributions to platform governance.
Program Mission
Security is a community responsibility. Our Bug Bounty Program reflects the core SQWARE principle that those who contribute to platform improvement should have a greater voice in its governance.
Community Protection: Safeguarding the platform that belongs to all of us.
Merit-Based Recognition: Rewarding those who actively contribute to platform security and stability.
Collaborative Development: Building a more secure platform through community participation.
Governance Contribution: Bug reporting directly contributes to your influence over platform decisions and development.
Recognition Categories
Minecraft Compliance
On Minecraft servers and all supported games, bug bounty recognition is awarded as Points via our in-game recognition systems. Tokens are not awarded directly in any game client. Points may be exchangeable for the Token in the future once available. The Token is used for governance rights and platform use only.
-
Enterprise Security
Critical vulnerabilities that could compromise platform infrastructure, user data, or community security.
Recognition Range: Up to 250,000 SQ (governance tokens, issued off-game via Points exchange when available) or equivalent recognition in Points + Special Recognition Status
Governance Impact: Significant contribution to your platform governance influence and community standing.
-
Platform Stability
Issues that affect platform functionality, game balance, or community experience quality.
Recognition Range: 25,000 - 125,000 SQ (governance tokens, issued off-game via Points exchange when available) or equivalent Points, based on severity + "[Platform Guardian]" Recognition Tag
Community Impact: Direct contribution to improving the experience for all community members.
-
Preventive Measures
Identifying potential vulnerabilities before they become exploitable issues.
Recognition Range: Discretionary SQ (governance tokens, issued off-game via Points exchange when available) or Points + Enhanced Community Status
Development Input: Priority feedback channels for platform security and development decisions.
Security Categories
Enterprise-Level Vulnerabilities
Critical Infrastructure Threats: Unauthorized access attempts, data exposure risks, or security protocol circumvention.
Community Data Protection: Issues that could compromise personally identifiable information or community member privacy.
Platform Integrity: Vulnerabilities that could undermine the security of our community-owned governance systems.
Platform Stability Issues
Economic Balance: Currency duplication, item generation exploits, or economic manipulation vulnerabilities.
Service Disruption: Server crashes, performance degradation, or service availability threats.
Gameplay Integrity: Exploits that provide unintended advantages or disrupt fair play principles.
Community Security
User Protection: Issues that could enable harassment, privacy violations, or community safety threats.
Governance Security: Vulnerabilities in voting systems, recognition calculations, or governance processes.
Communication Security: Problems with community communication channels or information sharing systems.
Severity Assessment
Critical Severity
Immediate Platform Risk: Issues requiring immediate attention due to potential for significant community harm.
Recognition: Up to 250,000 SQ (governance tokens, issued off-game via Points exchange when available) or equivalent Points + Permanent "Critical Contributor" status
Governance Rights: Enhanced voting power and potential invitation to security advisory roles.
High Severity
Significant Impact: Problems that substantially affect platform functionality or community experience.
Recognition: 125,000 SQ (governance tokens, issued off-game via Points exchange when available) or equivalent Points + "High Impact Contributor" recognition tag
Community Role: Priority input on platform security and development decisions.
Medium Severity
Notable Issues: Problems that affect specific features or limited user groups.
Recognition: 75,000 SQ (governance tokens, issued off-game via Points exchange when available) or equivalent Points + "Platform Guardian" recognition tag
Contribution Credit: Public acknowledgment of your platform improvement contributions.
Low Severity
Minor Problems: Issues with limited impact but valuable for overall platform improvement.
Recognition: 25,000 SQ (governance tokens, issued off-game via Points exchange when available) or equivalent Points + "Community Helper" recognition tag
Development Participation: Access to beta testing and platform improvement discussions.
Reporting Process
Secure Reporting
- Assess the Issue: Understand the potential impact and scope of the vulnerability
- Document Thoroughly: Provide clear reproduction steps, evidence, and impact assessment
- Submit Securely: Use our protected reporting channels to maintain security
Reporting Channels
Primary Method: Support ticket system on our Discord Community
Alternative Contact: Direct email to [email protected] for sensitive vulnerabilities
Emergency Channel: Immediate contact for critical security threats requiring urgent attention
Information Required
- Clear Description: Detailed explanation of the vulnerability or issue
- Reproduction Steps: Step-by-step instructions for reproducing the problem
- Impact Assessment: Your evaluation of the potential community impact
- Supporting Evidence: Screenshots, logs, or other relevant documentation
Recognition Benefits
Immediate Rewards
Recognition: SQ (governance tokens, issued off-game via Points exchange when available) or Points based on report significance.
Special Status: Community recognition tags acknowledging your contribution to platform security.
Public Acknowledgment: Optional public recognition of your security contributions (with your permission).
Long-term Benefits
Governance Influence: Bug bounty contributions directly increase your voice in platform decisions.
Security Advisory: High contributors may be invited to participate in security planning and platform development.
Community Leadership: Recognition as a trusted community member committed to platform improvement.
Platform Development
Priority Feedback: Enhanced access to provide input on security measures and platform improvements.
Beta Access: Early access to new features and security implementations for testing and feedback.
Collaborative Development: Opportunities to work directly with the development team on security improvements.
Community Guidelines
Responsible Disclosure
Confidentiality: Keep vulnerability details private until our team addresses the issue.
Community Protection: Never exploit vulnerabilities for personal gain or to harm other community members.
Collaborative Approach: Work with our team to understand and resolve security issues effectively.
Testing Boundaries
Authorized Testing: Only test on systems and accounts you own or have explicit permission to test.
Impact Minimization: Avoid actions that could harm the platform, disrupt services, or affect other users.
Documentation Focus: Concentrate on documenting and reporting rather than exploiting vulnerabilities.
Recognition Eligibility
Community Membership: Active participation in the SQWARE community and adherence to community guidelines.
Constructive Contribution: Focus on platform improvement rather than self-promotion or disruption.
Collaborative Spirit: Willingness to work with the team and community to resolve issues effectively.
Beyond Security
The Bug Bounty Program represents more than vulnerability management - it's a demonstration of how community members can actively contribute to the security and stability of platforms they help govern.
Shared Responsibility: Platform security is everyone's responsibility in a community-owned environment.
Merit-Based Governance: Those who contribute to platform improvement deserve greater influence over its development.
Collaborative Development: Community-driven security creates more robust and resilient platforms.
Sustainable Protection: Community engagement in security creates long-term platform sustainability.
Getting Started
Every security contribution helps protect our shared digital space while demonstrating the effectiveness of community-driven platform governance.
Your Impact: Bug reports directly contribute to platform security and your governance influence within the community.
Community Role: Security contributors become recognized leaders in platform development and community protection.
Platform Future: Your contributions help prove that community-owned platforms can maintain high security standards through collaborative effort.
Protect Our Community
Platform security is a shared responsibility. Your vigilance and contributions help protect the digital space we're building together.
Report Security Issues Join Security Discussions
Where security is shared responsibility. Where protection builds governance. Where community vigilance creates platform resilience.