The EdgeCast Customer and Partners portals are now part of the Oath private bug bounty program. Testing accounts will need to be specially created for each participant and we have a limited number each week, so get your request in early! When writing reports against these portals, please make sure to correctly tag your report with the EdgeCast - Partners (VDMS) or EdgeCast - Customers (VDMS) asset. Read on below for more details about how these assets expand the Oath bug bounty program.
The Paranoids
Verizon Digital Media Services' EdgeCast Content Delivery Network has a capacity of 50+ Tbps and 125 points of presence (PoPs) spanning 56 countries across six continents. With a network connected to over 3,000 carriers and ISPs, we strive to be not only the fastest and most reliable Content Distribution Network (CDN), but also the most secure.
Our CDN partners configure their accounts and manage their own customers using either the Partner Control Center (PCC) or API. This is where we ask you to help us ensure that our partners' account settings and data are safe and secure.
The Oath EdgeCast program is testing a production environment. Please take this into consideration when testing and do not perform tests that may impact system infrastructure or architecture.
Violation of any of these rules can result in ineligibility for a bounty and/or removal from the program.
There are a number of notable known issues on this product that should not be reported (and are not eligible for bounty). To prevent duplicates, some of the most visible ones include:
The EdgeCast software requires additional credentials that must be created per researcher to facilitate testing.
While testing for cross-account and cross-organization vulnerabilities, you may target ONLY the 2 accounts that you own.
To request accounts, you may contact credentials@hackerone.com. Accounts will be created on a first-come, first-served basis with a limited number created per week.
After accepting the invitation, in order to reset your user account password, navigate to the EdgeCast Partners Control Center and select "Forgot Password". Input each of your (2) assigned credential email addresses to receive a password reset link. You can find these emails at the bottom of this brief.
API documentation can be found by clicking on the "Support" link within the EdgeCast Partners application (you must be authenticated within the application). Focus on the "Partner Control Center Docs" section.