Responsible Disclosure

Responsible Disclosure

As a Security-as-a-Service provider, Myra always strives to achieve the best possible security for our customers and their data, making it crucial that our solutions are continuously optimized and maintained. Help us do this by reporting security issues. As our partner, you will help Myra in securing essential solutions for millions of people. And you can benefit directly through our bug bounty program.

Contact us now

Guideline

Please follow all guidelines communicated by Myra
Observe the minimum 90-day embargo period
Provide us with all the details of the vulnerability and possible mitigation methods transparently and discreetly

Bounty

Depending on the severity of the vulnerability, Myra will reward constructive cooperation with you with up to $2,000. The severity is determined on a case-by-case basis and depends on the practical attack potential or attack surface.

Our bug bounty program focuses on actual vulnerabilities that can lead to account hijacking, cross site scripting (XSS), domain takeover, defacement or similar attacks.

NOT covered by the program are disclosures about outdated web libraries (Jquery, Angular and similar), prototype pollution, antispam settings (DMARC and similar), DNSSec, ratelimiting of forms, HTTPS ciphers, cookie flags, banner grabbing or missing HTTPS redirects.

Contact us now

What you can expect

Actively support us in quickly identifying and fixing security-related problems – it's worth it!

Transparent communication

After receiving your report, we will respond within 2 to 3 business days.

Validation

Myra will validate your report within 1 to 2 weeks and determine the specific cash reward.

Mutual confidentiality

Myra will treat all reports as strictly confidential. We expect the same from our partners.

Bug fixing

We will resolve the vulnerability as quickly as possible and keep you informed of the progress of the solution.

Reward payment

We will pay you the bug bounty reward as soon as the issue is resolved.

Please note that we reserve the right to take legal action in the event of non-compliance with the guidelines or if criminal or intelligence intentions are evidently being pursued.