At FanDuel, our talented team of engineers and security specialists work non-stop to make our code as secure as possible. However, software without a single vulnerability simply does not exist in the real world. As our products evolve and technology advances, new vulnerabilities are bound to arise. But our Vulnerability Disclosure policy and partnership with BugCrowd help us stay ahead of any potential problems.
To identify vulnerabilities before they become problems, we rely on people like you. Through our Vulnerability Disclosure Policy, we reward anyone who identifies new vulnerabilities in our products and reports it to us. Once we are informed of a vulnerability — through our partnership with BugCrowd — we immediately get to work finding a solution.
Not only does this keep FanDuel users safe and secure, but it also incentivises those who find a vulnerability to do the right thing and report it.
We pay anyone who reports a vulnerability to us exclusively through BugCrowd.com. So if you know of a vulnerability, just create an account on BugCrowd to report it and get paid.
NOTE: BugCrowd is the only platform we use to reward bug spotters. Any other means of communicating vulnerabilities — such as emails, calls, or customer service inquiries — will not be rewarded.
If you have any question about our Vulnerability Disclosure policy, our Bug Bounty Program, or anything else regarding FanDuel security, please reach us at firstname.lastname@example.org.