Do you have a bug bounty programme?

    Whilst we don't have a formal bug-bounty programme with a 3rd party company, our site is regularly tested and analysed by both an in-house team and external trusted partners.

    If you believe there is a security weakness in Fanatical.com that has been missed, we welcome you to contact us via support@fanatical.com to discuss your discoveries.

    We will need to know as much detail as possible about your finding, including steps to reproduce the issue or code examples which can be used to replicate your discovery.


    Reporting bugs scraped from 3rd party bug bounty sites

    Sometimes low-risk bug reports are scraped from 3rd party bug bounty sites and submitted to us. These reports are often rejected as they have been previously discussed by our team and mitigating measures have been put in place around the discovery.


    New un-reported bug reports

    If a previously un-reported bug is submitted to us, our team of analysts will discuss the report and score it according to the globally recognised system, CVSS.

    Upon approval and acceptance, the issue will be logged into our bug-tracking system and we will make pay-outs to you via PayPal or bank transfer as summarised in the table below:

     

    CVSS Score          Bounty amount
    Low (0.1-3.9)       $25-$100
    Medium (4.0-6.9)    $250
    High (7.0-8.9)      $500
    Critical (9-10)     $1000

     

    We want Fanatical.com to be as secure as possible so thank you for taking the time to get in touch. 
