For the rules governing the use of this website, please see our Terms of Service.
For information on how we collect and protect your data, please see our Privacy Policy.
GWL Vulnerability Disclosure Policy
(Rules of Engagement)
The Global Warfighter League is committed to maintaining a secure operational environment for our esports infrastructure. We welcome responsible security testing from our community. If you discover a vulnerability, this policy outlines the authorized rules of engagement for reporting it and securing a bounty.
Authorized Scope (What to Test)
Testing is strictly limited to the front-end user experience, custom gwl_ logic, the Tactical Board, user profile mechanics, and standard web application vulnerabilities on the main GWL domains.
Out of Scope (Strictly Prohibited)
The following actions are strictly prohibited and will result in immediate account termination, forfeiture of all GWL Tokens, and potential legal action:
-
- Destructive Testing: Any attempt to permanently delete, alter, or corrupt database records, player profiles, or leaderboards.
- Denial of Service (DoS/DDoS): Any attempt to overwhelm or crash GWL servers.
- Infrastructure Attacks: Any attempt to access the underlying server architecture, control panels, databases, or secondary domains hosted on our servers.
- Social Engineering/Phishing: Targeting GWL staff or other community members.
The Bounty System
Validated, previously unknown vulnerabilities that present a genuine risk to the platform will be rewarded with GWL Tokens from the GWL Bug Bounty Program. GWL Tokens can be exchanged in the Game Vault. Submitted bounties are awarded at the sole discretion of GWL Administration. Low-effort submissions (e.g., minor spelling errors, missing images) may be patched without a bounty payout.
Confidentiality & Safe Harbor
You must keep your findings strictly confidential until GWL Administration has deployed a patch. Publicly disclosing a vulnerability on the forums or third-party sites before it is secured immediately disqualifies you from the bounty program.
If you conduct your testing in good faith and strictly adhere to these Rules of Engagement, GWL will not initiate legal action or law enforcement investigations against you.