Most companies will have a vulnerability disclosure program (vdp) or responsible disclosure program, looks like they have one as well; ``--twitch.tv/p/en/security/`` form is at bottom looks like they are using bugcrowd. Looks like its a point based program only so you wont get financially...