Since 2016, Unity has run a private bug bounty program working with security researchers to improve the security posture of our products and services. We have provided more than $400,000 in bounty rewards as part of this program. In July 2021 we expanded our program to be accessible publicly, allowing any individual to participate in our bug bounty program for rewards ranging from $50 to $3,000 for valid reports.
By making the program publicly available and allowing anyone the opportunity to participate, we believe this to benefit everyone by creating a safer environment to develop in and explore Unity’s products and services.
Participating in the program does not require any specific training or knowledge. Many times, curiosity is the leading factor to finding unexpected behavior that potentially leads to a security impact. We encourage everyone interested to engage and partner with us to further improve our software and services.
We would like to take the opportunity to thank the wonderful and talented group of security researchers we have been working with within the private program as well as the individuals who have been participating in the recently launched public program.
For more detailed information about the program and how to participate, please visit our Unity BugCrowd page.
Find out more about Unity Security and all Unity security advisories here.