Reporting Bugs & Vulnerabilities

We're a brand new startup, supporting community engagement in sport. The organization is not currently able to support a paid bug bounty program.

From time to time, with the aid of sponsors, we are able to run short-term bounty programs, and when those are possible, we will list those here.

If you find a bug, please create an account and report it here: https://sportsa.com/help/feedback/ so we can correctly track and attribute any vulnerabilities found.

If a new vulnerability was found by your investigation, is not a duplicate of an earlier or pending vulnerability, we will credit you here: https://sportsa.com/credits/.

Vulnerabilities are required to be verified as authentic, and not simply automated results of pen-tests.

If you are a security researcher, we request that you follow responsible disclosure best practices. Please avoid looking to compromise any actual user data. Please use your own test accounts, or reach out to the sportsa.com team.

Irresponsible use or disclosure of vulnerability information or confidential data may result in the appropriate sanctions under local and international law.