Website and App Scanning : Look for vulnerabilities or flaws in a website or application. Network Security Testing: Searches the network for vulnerabilities that could be exploited by attackers. Mobile Application Vulnerability Disclosure: Identify defects or security gaps in mobile applications. Server Vulnerability Tracking: Looks for vulnerabilities in server configurations and related infrastructure. Protocol Vulnerability Analysis : Testing the security of communication protocols used in applications or systems. Discovery of Misuse Loopholes : Find unintended usage methods or gaps in application logic. Identify Vulnerable Configurations : Find system or application configurations that are vulnerable to attack. API Vulnerability Analysis : Testing the security and integrity of the API (Application Programming Interface) used in the application or system. Data Storage Vulnerability Scanning : Search for vulnerabilities in the storage and processing of sensitive data. Spam or Fraud: Spam, phishing, or other fraudulent activity that is not directly related to a technical vulnerability.

Customer Service Issues: Complaints or problems related to customer service such as product quality, delivery, or the ordering process. New Feature Development: Proposals or suggestions for developing new features in applications or systems. Copyright or Trademark Violation: Violation of copyright, trademark or other intellectual property rights. Non-Compliance With Policies or Terms of Use: Violation of the policies or terms of use established by the service provider. General Criticism or Opinion: General criticism, opinions, or suggestions that are not reports of vulnerabilities or technical weaknesses. Performance or Optimization Issues: Complaints related to application performance or code optimization are not related to security vulnerabilities. Content Development: Suggestions or suggestions for new content in an application or website. UI/UX Development: Suggestions or input related to developing a better user interface or user experience.

VCGamers Vulnerability Disclosure Information Page

Welcome to the VCGamers Vulnerability Disclosure Information Page

VCGamers is very grateful and hopes to give appreciation to external security researchers for their contribution to user security and all activities that occur at VCGamers.

Vulnerability Disclosure Coverage

In Scope

Website and App Scanning: Look for vulnerabilities or flaws in a website or application.
Network Security Testing: Searches the network for vulnerabilities that could be exploited by attackers.
Mobile Application Vulnerability Disclosure: Identify defects or security gaps in mobile applications.
Server Vulnerability Tracking: Looks for vulnerabilities in server configurations and related infrastructure.
Protocol Vulnerability Analysis: Testing the security of communication protocols used in applications or systems.
Discovery of Misuse Loopholes: Find unintended usage methods or gaps in application logic.
Identify Vulnerable Configurations: Find system or application configurations that are vulnerable to attack.
API Vulnerability Analysis: Testing the security and integrity of the API (Application Programming Interface) used in the application or system.
Data Storage Vulnerability Scanning: Search for vulnerabilities in the storage and processing of sensitive data.
Spam or Fraud: Spam, phishing, or other fraudulent activity that is not directly related to a technical vulnerability.

Out of Scope

Customer Service Issues: Complaints or problems related to customer service such as product quality, delivery, or the ordering process.
New Feature Development: Proposals or suggestions for developing new features in applications or systems.
Copyright or Trademark Violation: Violation of copyright, trademark or other intellectual property rights.
Non-Compliance With Policies or Terms of Use: Violation of the policies or terms of use established by the service provider.
General Criticism or Opinion: General criticism, opinions, or suggestions that are not reports of vulnerabilities or technical weaknesses.
Performance or Optimization Issues: Complaints related to application performance or code optimization are not related to security vulnerabilities.
Content Development: Suggestions or suggestions for new content in an application or website.
UI/UX Development: Suggestions or input related to developing a better user interface or user experience.

Vulnerability Disclosure Terms

We acknowledge your contributions and allow you to disclose any vulnerabilities you discover. You may refer to the following disclosure policy:

Give us a reasonable time to investigate and mitigate the problem you report;
Avoid privacy violations and things that could result in other disruptions, including unauthorized access and change/deletion of data;
The report should describe the issue in detail, such as a clear textual description of the vulnerability, proof of the exploit, complete steps with information necessary to reproduce the exploit;
Conduct security research in good faith to prevent tampering, with minimal or no impact to VCGamers and our users;
Not exploit discovered security issues for any reason to other parties;
External security researchers are not authorized to access any user data or company data, except as part of the vulnerability validation process;
We specifically excluded certain types of potential security issues; this can be seen in the "In Range" and "Out of Range" sections;
As a further condition, you may disclose reported vulnerabilities to the public after obtaining approval from the VCGamers team, and of course after giving us a reasonable time to investigate and fix them;
VCGamers has the right to decide whether the report submitted may be published to the public or not. If you publish a report without VCGamers' consent for any reason, we will not hesitate to file a lawsuit or take legal action thereafter;
We investigate and respond to all valid reports, but we prioritize them internally based on risk and other factors. We will respond to the report you send within a maximum of three working days;
In the event of duplicate reports, Reward will be given to the external security researcher who is the first to report a valid one based on VCGamers' analysis and discretion.

Guidelines for Reporting Findings

External security researchers may share details of suspected vulnerabilities on all assets owned and operated by VCGamers (or that may directly/indirectly impact the security of VCGamers and users) directly via email. Our team will receive each vulnerability report, conduct a thorough investigation, and then take appropriate action to resolve it.

Send your report to [email protected] with "Subject: Vulnerability Report - [Your Name]", make sure you have read the “Vulnerability Disclosure Terms".

Rewards

We determine Rewards based on various factors, including the quality of the report, level of impact, and other things that are still within scope;
The KYC process will be carried out via email, by providing supporting documents such as Taxpayer Identification Number (NPWP), KTP photo, bank name, bank account number, name of bank account owner, swift code and currency (for non-WNI) for verification purposes and payment;
If the required documents are not submitted within one month of the initial request made by VCGamers, the Reward will be considered invalid and cannot be reclaimed.

Question and answer

Should I know how to exploit a vulnerability when I discover the problem?

Reports submitted to us must be valid reports with a clear textual description, proof of the exploit, complete steps with the information necessary to reproduce the exploit.

Are there any specific limitations or scopes for vulnerability disclosure?

You can read the complete limitations/coverage in the "Vulnerability Disclosure Coverage" section which we have provided information above.

Who determines whether my report is eligible for rewards?

VCGamers' internal security team will determine, and notify you of the details via email.

When will the rewards be sent?

We will distribute rewards after the vulnerability is successfully fixed by our team. We will inform you of the updates.

What should I do if I have other questions regarding vulnerability disclosure/reporting in VCGamers?

You can ask anything related to vulnerability disclosure/reporting to [email protected]