Security Policy

Last updated: June 2nd, 2026 at 23:08 UTC

Supported Versions

We support only the Stable version of our official bot. Any unofficial copies of our bot are not covered under our terms or licensing and may operate maliciously. Please notify us of any clones as soon as possible so we can arrange for their removal.

Reporting a Vulnerability

Please do not open an issue on GitHub or send a message on our Discord server to report a vulnerability. We ask this because reporting there makes the vulnerability more public than it needs to be and gives others the chance to abuse it before we are able to push a patch.

If you find a vulnerability, please send an email to toby@tobezdev.com with appropriate information, reproduction steps, screenshots or videos if possible, and anything else you feel may be useful.

Bug Bounty Program

The Audius Song of the Day project does not officially offer a bug bounty program, simply because it is a hobby project and not an enterprise-level application. If a vulnerability is deemed significant enough, we may offer a bug bounty, in one of various forms, in scale with the vulnerability itself. We will not, under any circumstances, offer a bug bounty for issues with any of our external providers (e.g. the Discord or Audius APIs). Each bounty is offered entirely at the discretion of the Audius Song of the Day Maintainers.