Unity Technologies is focused on making it easy for content creators to build and distribute their creative results. Because of this we also know that security and trust is paramount here at Unity. This page discusses some security information for our services and also how to get a hold of Unity’s security team.
Unity is PCI Compliant, leveraging industry best practices, such as our SSDLC, and security tools to maintain a high-level of Security. This includes on-going assessments, bug-bounty programs and continuing to grow our global security team (apply at https://careers.unity.com)
Protecting Our Customer’s Assets
When handling payment transactions we do not store any card information. All transactions are sent through an external payment processor that handles the information.
At Unity we understand that your game assets are critical to your business. That is why when you put your trust in us to store or build your game we take as many precautions as possible. From having regular security testing of our services and making sure user assets are securely stored and separated, we take the protection of your assets very seriously.
Unity has adopted a Responsible Disclosure policy as a part of our cooperation with internal and external security researchers and Bug Bounty program. Unity may withhold information about an identified vulnerability for a reasonable period of time to ensure that all customers are given time to patch their systems. For a full list of scope, and information on our Bug Bounty program, please contact firstname.lastname@example.org.
We are happy to hear from you. We try to make it easy, just send us an email to email@example.com and we will get back to you as soon as we can.
Reporting Security Issues and Bug Bounty
If you have found an issue we would love to talk with you. Please email firstname.lastname@example.org and we will send you information about our Bug Bounty program.
Security Updates and Patches
|May 2020||CVE-2020-12630, CVE-2020-12631||Out-of-bounds memory DoS|
|March 2019||CVE-2019-9197||Input String Validation RCE|
|August 2017||CVE-2017-12939||Input String Validation RCE|