Unity Security
Unity Technologies is focused on making it easy for content creators to build and distribute their creative results. Because of this, we also know that security and trust are paramount here at Unity. This page discusses some security information for our services and also how to get hold of Unity’s security team.
Unity has developed security practices, such as our SSDLC, and security tools to maintain a high level of security, and has shared these practices with others in our industry. This includes ongoing assessments, bug bounty programs and continuing to grow our global security team (apply at https://careers.unity.com).
Protecting our customers' assets
When handling payment transactions, we do not store any card information. All transactions are sent through an external payment processor that handles the information.
At Unity we understand that your game assets are critical to your business. That is why, when you put your trust in us to store or build your game, we take as many precautions as possible. From having regular security testing of our services to making sure user assets are securely stored and separated, we take the protection of your assets very seriously.
Responsible Disclosure
Unity has adopted a Responsible Disclosure policy as part of our cooperation with internal and external security researchers and our Bug Bounty program. Unity may withhold information about an identified vulnerability for a reasonable period of time to ensure that all customers are given time to patch their systems. For the full scope and information on our Bug Bounty program, please contact security@unity3d.com.
Contacting us
We are happy to hear from you. We try to make it easy: just send us an email at support@unity3d.com and we will get back to you as soon as we can.
Reporting security issues and Bug Bounty
If you have found an issue, we would love to talk with you. Please email security@unity3d.com and we will send you information about our Bug Bounty program.
Security updates and patches (Editor updates)
Security Update Advisory
CVE-2021-44228, CVE-2021-45046: log4j Java library
CVE-2020-12630, CVE-2020-12631: Out-of-bounds memory DoS
CVE-2019-9197: Input String Validation RCE
CVE-2017-12939: Input String Validation RCE