
Bounty
Depending on the severity of the vulnerability, Myra will reward constructive cooperation with you with up to $2,000. The severity is determined on a case-by-case basis and depends on the practical attack potential or attack surface.
Our bug bounty program focuses on actual vulnerabilities that can lead to account hijacking, cross site scripting (XSS), domain takeover, defacement or similar attacks.
NOT covered by the program are disclosures about outdated web libraries (Jquery, Angular and similar), prototype pollution, antispam settings (DMARC and similar), DNSSec, ratelimiting of forms, HTTPS ciphers, cookie flags, banner grabbing or missing HTTPS redirects.
What you can expect

Transparent communication
After receiving your report, we will respond within 2 to 3 business days.

Validation
Myra will validate your report within 1 to 2 weeks and determine the specific cash reward.

Mutual confidentiality
Myra will treat all reports as strictly confidential. We expect the same from our partners.

Bug fixing
We will resolve the vulnerability as quickly as possible and keep you informed of the progress of the solution.

Reward payment
We will pay you the bug bounty reward as soon as the issue is resolved.