Forum: VirtualDJ Technical Support

Topic: Part Dj & Part Security Researcher
Is there a Bug Bounty Program or VDP? If so, Where might I find the rules of engagement?
 

Posted Sat 30 Dec 23 @ 7:35 am
Bump for good measure.
 

Posted Tue 02 Jan 24 @ 10:22 am
Not really
But you are more than welcome to report any issues you have right here in this forum
(I would go easy about claiming them to be bugs - most turn out not to be bugs)
 

Posted Tue 02 Jan 24 @ 12:53 pm
Although exploits can happen in any program, VirtualDJ isn't a mission-critical application, like a web browser or an operating system, and most likely has a much smaller development team/user base involved.
Atomix has never publicly reported (AFAIK) any such bounty program as well (they probably wouldn't have the resource/reporting/reward facilities in place to support this, not to mention it could open a Pandora's box for the devs depending on the state of the code), so I'm doubtful you'll get a positive response on this.
 

Posted Tue 02 Jan 24 @ 1:42 pm
 

Posted Tue 02 Jan 24 @ 1:56 pm
Perfect answers. I've been hunting for a few non-managed programs with solid ROEs, Safe Harbor, and a solid disclosure policy to add to the research cycle, but unfortunately VDJ doesn't seem to fit the criteria... still dope to know though :D.

(PS. Every process can be a critical process but I get the sentiment :3)

Thanks again & Stay patched Peepz~
 

Posted Wed 03 Jan 24 @ 9:28 am
Sepatro (PRO Infinity, member since 2019)
DJ VinylTouch wrote:
Although exploits can happen in any program, VirtualDJ isn't a mission-critical application, like a web browser or an operating system, and most likely has a much smaller development team/user base involved.
Atomix has never publicly reported (AFAIK) any such bounty program as well (they probably wouldn't have the resource/reporting/reward facilities in place to support this, not to mention it could open a Pandora's box for the devs depending on the state of the code), so I'm doubtful you'll get a positive response on this.


Even if VDJ itself is not business critical, a security bug can be a vulnerability for the system (laptop, network, ...) VDJ is installed on.

Atomix should take this more seriously, as well as their compliance with the GDPR.
 

Posted Sun 07 Jan 24 @ 8:47 am
locoDog (PRO Infinity, Moderator, member since 2013)
What makes you think they don't already?
 

Posted Sun 07 Jan 24 @ 9:12 am
Sepatro wrote:

Even if VDJ itself is not business critical, a security bug can be a vulnerability for the system (laptop, network, ...) VDJ is installed on.

Atomix should take this more seriously,


If you look at my initial response, you'll see I'm agreeing with this, but I also tried to give a main reason why I think he wouldn't get any feedback on this - probably not having things in place/human resources to facilitate a bug bounty program.

AFAIK no major DJ software provider has such a program, and I would think that they (DJ software providers) would try to protect themselves from liability through their End User Licence Agreement clauses, like other software providers do (check VirtualDJ's EULA), unless the exploit is really bad and/or publicly reported in a CVE.

Sepatro wrote:

as well as their compliance with the GDPR.


GDPR has to do with transparency of data retention policies with regard to personally identifiable data/information for a user of an application/service and IMO runs adjacent to/is potentially not related to the OP's original request (finding bugs in the software through various means and potentially being rewarded somehow, because no one puts in that effort for free)... and as @locodog said, how do you know they don't have measures in place to comply with GDPR?
 

Posted Sun 07 Jan 24 @ 1:08 pm