Our bug bounty program encourages security researchers to discover and report potential vulnerabilities in our platform. By participating, you can help us improve our security posture and ensure a safer experience for all our users. We recognize and reward valid submissions that meet our criteria.
Eligibility
Anyone can participate in our bug bounty program. However, we prioritize submissions from researchers who demonstrate a clear understanding of security principles and follow responsible disclosure practices.
Scope
Our bug bounty program covers specific assets within our platform. The following areas are currently in scope:
mymember.site
dashboard.mymember.site
The following areas are out of scope:
help.mymember.site
news.mymember.site
Vulnerabilities in third-party software or services integrated with our platform (unless directly impacting our services).
Vulnerabilities related to social engineering or physical security.
Vulnerabilities already known to us or reported by someone else.
Vulnerabilities that are deemed low-risk or have minimal impact. (See "Severity Levels" below for more details.)
Responsible Disclosure
We require responsible disclosure of any vulnerabilities you find. This means:
Reporting the vulnerability directly to us through the designated channel (see "Reporting a Vulnerability" below).
Providing sufficient details to reproduce the vulnerability, including clear steps, affected components, and any relevant proof-of-concept code.
Giving us reasonable time to investigate and fix the issue before publicly disclosing it. We appreciate your cooperation in keeping our users safe.
Avoiding any actions that could harm our systems, data, or users, including but not limited to:
Accessing or modifying data that does not belong to you.
Disrupting our services.
Attempting to gain unauthorized access.
Exploiting the vulnerability for personal gain.
Severity Levels
We categorize vulnerabilities based on their potential impact. While we appreciate all reports, rewards are typically focused on vulnerabilities with a higher severity. These categories may include:
Critical: Vulnerabilities that could allow an attacker to gain complete control of a system or data, leading to significant disruption or damage.
High: Vulnerabilities that could allow an attacker to gain significant access to sensitive data or systems.
Medium: Vulnerabilities that could allow an attacker to gain limited access or perform actions that could negatively impact users.
Low: Vulnerabilities with minimal impact or that are difficult to exploit.
Reporting a Vulnerability
To report a vulnerability, please submit your findings through our live chat or via email at support@mymember.site.
Your report should include the following information:
A clear and concise description of the vulnerability.
The affected components or systems.
Detailed steps to reproduce the vulnerability.
Any relevant proof-of-concept code or screenshots.
Your contact information.
What Happens After You Submit a Report?
Once you submit a report, we will:
Acknowledge your submission.
Investigate the reported vulnerability.
Assess the severity and impact of the vulnerability.
Work to fix the vulnerability if it is valid and within scope.
Notify you of the status of your report and any applicable reward.
Legal Information
By participating in our bug bounty program, you agree to our terms outlined in this Bug Bounty Program. All submissions are subject to our discretion.
We appreciate your contributions to the security of our platform! If you have any questions, please contact us via the live chat or at support@mymember.site.