Eligibility
To qualify for a bounty, you must:

• Adhere to our Responsible Disclosure Policy: ... give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our service during your research...
• Be the first person to responsibly disclose the bug
• Report a bug that could compromise the integrity of Universodelgioco.it user data, circumvent the privacy protections of Universodelgioco.it user data, or enable access to a system within Universodelgioco.it's infrastructure, such as:
  • Cross-Site Scripting (XSS)
  • Cross-Site Request Forgery (CSRF/XSRF)
  • Broken Authentication (including Facebook OAuth bugs)
  • Circumvention of our Platform/Privacy permission models
  • Remote Code Execution
  • Privilege Escalation
  • Provisioning Errors

Rewards

• Our minimum reward is $50 USD
• We will increase the reward for severe or creative bugs
• Only 1 bounty per security bug will be awarded

Exclusions
The following bugs aren't eligible for a bounty (and we don't recommend testing for these):

• Security bugs in third-party applications
• Security bugs in third-party websites that integrate with Universodelgioco.it
• Denial of Service Vulnerabilities
• Spam or Social Engineering techniques