Report a Security Issue

If you discover a security vulnerability on Veranura.com, we encourage you to notify us immediately. We review all legitimate reports thoroughly and strive to resolve any issues as quickly as possible. Before submitting your report, please review the guidelines below, which cover key principles, our bounty program, reward criteria, and what should not be reported.

Principles

When reporting a security issue to Veranura.com, if you follow these principles, we will not take legal action or enforcement against you in response to your good-faith report:

  1. Please allow us a reasonable amount of time to investigate and fix the reported issue before making any details public or sharing them elsewhere.
  2. Do not access or modify private accounts without the explicit consent of the account owner.
  3. Make a sincere effort to avoid privacy violations and disruptions, including data destruction or service interruptions.
  4. Do not exploit the vulnerability for any reason, including attempting to escalate privileges or uncover additional issues.
  5. Comply with all applicable laws and regulations during your investigation.

Bounty Program

We value and reward security researchers who help us keep our services safe by reporting vulnerabilities. Monetary rewards are granted at Veranura.com’s discretion based on risk, impact, and other factors. To qualify for a bounty, you must:

  1. Adhere to the principles above.
  2. Report a valid security vulnerability that poses a risk to our platform or users. (Note that not all bugs are security issues — Veranura.com makes the final determination.)
  3. Submit your report via our official security channel — please do not contact employees directly.
  4. Disclose any unintended privacy breaches or disruptions caused during your investigation.
  5. Understand that we prioritize reports based on severity, so response times may vary.
  6. Agree that we reserve the right to publish valid reports.

Rewards

Rewards depend on the severity and impact of the vulnerability. We update the program periodically and welcome your feedback.

  • Reports must include detailed, reproducible steps; incomplete reports are not eligible.
  • The first valid report of a vulnerability is rewarded in cases of duplicates.
  • Multiple related vulnerabilities from the same root cause will be rewarded with one bounty.
  • Rewards are determined by factors like impact, exploit difficulty, and report quality. All rewards are at our discretion.

Maximum reward amounts by severity:

  • Critical ($200): Issues such as privilege escalation, remote code execution, financial theft, etc.
    Examples:
    • Remote code execution
    • Remote shell access
    • Vertical authentication bypass
    • SQL injection exposing data
    • Full account compromise
  • High ($100): Issues impacting platform security or critical processes.
    Examples:
    • Lateral authentication bypass
    • Exposure of sensitive company data
    • Stored XSS affecting other users
    • Local file inclusion
    • Improper cookie handling
  • Medium ($50): Affect multiple users and require minimal user interaction.
    Examples:
    • Logic flaws or business process bugs
    • Insecure object references
  • Low: Affect individual users and require significant interaction or conditions.
    Examples:
    • Open redirects
    • Reflective XSS
    • Minor information leaks

Contact Information:
Business Address: 12550 Biscayne BLVD STE 110 Miami, FL. US 33181
📱 Phone: +1 805-883-9785
✉ Email: Contact@Veranura.com