Responsible Disclosure

As a Security-as-a-Service provider, Myra is committed to maintaining the highest level of protection for our customers and their data. Continuous improvement is essential — and responsible security research plays an important role in that process.

If you discover a vulnerability, we encourage you to report it to us. By working together, we strengthen critical digital infrastructure used by millions of people. Eligible findings may be rewarded through our bug bounty program.

Contact us now
Security locks illustration

Guideline

  • Please follow all requirements communicated by Myra.
  • Respect a minimum embargo period of 90 days before any public disclosure.
  • Submit comprehensive details about the vulnerability, including reproduction steps and potential mitigation approaches, in a responsible and confidential manner.
Bug bounty illustration

Bounty

Myra rewards responsible and constructive collaboration with payments of up to $2,000, depending on the severity of the reported issue. Each case is assessed individually based on its practical exploitability and potential impact.

Our bug bounty program covers verified vulnerabilities that may result in account takeover, cross-site scripting (XSS), domain takeover, defacement, or comparable security risks.

The program does not include reports related to outdated web libraries (e.g., jQuery, Angular), prototype pollution, anti-spam configurations (e.g., DMARC), DNSSEC, form rate limiting, HTTPS cipher configurations, cookie flags, banner grabbing, or missing HTTPS redirects.

Contact us now

What you can expect

Work with us to quickly identify and remediate security vulnerabilities — your contribution makes a difference.

Transparent communication

Transparent communication

We will acknowledge receipt of your report within 2 to 3 business days.

Validation

Validation

Our team will review and validate your submission within 1 to 2 weeks and determine the applicable reward.

Mutual confidentiality

Mutual confidentiality

All vulnerability reports are handled with strict confidentiality. We expect the same level of discretion from reporting parties.

Bug fixing

Bug fixing

Once validated, we will prioritize remediation and keep you informed about the progress.

Reward payment

Reward payment

After the vulnerability has been resolved, the agreed bounty will be paid promptly.

Please note that Myra reserves the right to pursue legal action in cases of non-compliance with these guidelines or if malicious, criminal, or intelligence-related intent is suspected.