Vulnerability Disclosure Policy
At The epic cake, the security of our ecosystem is a top priority. We appreciate the efforts of security researchers and the community in helping us maintain robust and secure systems.
1. Safe Harbor
If you conduct your security research and vulnerability disclosure in accordance with the rules set forth in this policy, we consider your actions to be authorized. We will not initiate legal action against you or ask law enforcement to investigate you for activities related to such research.
2. Rules of Engagement
To remain within our Safe Harbor, you must comply with the following rules:
- No Destructive Testing: You must not delete, alter, or destroy any data that does not belong to you.
- No Disruption: Do not perform Denial of Service (DDoS/DoS) attacks, spamming, or any testing that impairs the availability of our services.
- No Social Engineering: Do not attempt phishing or social engineering against our staff, users, or infrastructure providers.
- Data Privacy: If you encounter personal information (PII) during your research, you must stop immediately, purge the data from your systems, and report the vulnerability to us.
3. Reporting a Vulnerability
If you believe you have found a security vulnerability in our bots, websites, APIs, or infrastructure, please report it to us immediately via our official Discord support server by opening a private ticket or by emailing support@theepiccake.org.
4. Bug Bounty & Recognition
We currently do not operate a formal, paid Bug Bounty program. Rewards, perks, or recognition (such as a special role in our Discord or premium licenses) for valid vulnerability reports are granted strictly at the sole discretion of The epic cake management.
5. Confidentiality
You agree to keep all details regarding the vulnerability strictly confidential until we have fully patched the issue and given you explicit written permission to disclose it publicly.