Bigosaur Vulnerability Disclosure Policy

We take the security of our systems seriously, and we value the security community. The disclosure of security vulnerabilities helps us ensure the security and privacy of our users.


We require that all researchers:

If you follow these guidelines when reporting an issue to us, we commit to:


Servers running our online games:

Out of scope

Any services hosted by 3rd party providers. For example, we might use a CDN to host images or a shared web hosting company to host some informational content. The scope only covers our dedicated game servers that contain sensitive user data.

In the interest of the safety of our users, staff, the Internet at large and you as a security researcher, the following test types are excluded from scope:

If you are unsure whether something is out of scope, feel free to contact us via e-mail listed on this page.

Information we don't want to receive

Unless specifically instructed, please do not share any of the following:

How to report a security vulnerability?

If you believe you’ve found a security vulnerability in one of our products or platforms please send it to us by emailing Please include the following details in your report:

If you’d like to encrypt the information, please use our PGP key.

This page was last updated on 2021-09-29.