Join Our Security Mission.
Claim Your Bounty 💻🛡️
Report Vulnerabilities. Secure Payouts. Rewarding Collaboration.
Help improve our security.
(while earning rewards for your efforts)
Join our Bug Bounty Program and earn competitive rewards for every verified security vulnerability you report. There's no cap on the bounty - the better the find, the bigger the reward!
Secure The Net 🌐.
Earn Rewards for Vulnerability Reports
Contribute to our robust security by identifying potential vulnerabilities. Partner with us for a safer web experience and benefit from a rewarding bug bounty program designed with the expertise of the cybersecurity community.
Bounties Paid via PayPal
- Hassle-free payments through secure channels
Regular Payout Schedule
- Rewards disbursed on a quarterly basis
Earn Rewards for Finding Vulnerabilities
- Monetary rewards for contributing to security improvements
Community Recognition
- Credit for significant findings in the security community
Public Acknowledgement
- Public recognition for researchers who wish to be recognized
Support from the Mixo Team
- Dedicated support from the Mixo team
Questions?
- What rewards can I expect from reporting a vulnerability?
- The reward for reporting a bug can range greatly depending on the severity and impact of the vulnerability. We use the industry-standard CVSS (Common Vulnerability Scoring System) to classify the severity and assign rewards accordingly.
- Is there any public recognition for researchers?
- Yes, we value the effort of security researchers and provide public acknowledgment for those who wish to be recognized. We include their names or aliases in our Hall of Fame, with their consent.
- How do I report a potential security vulnerability?
- To report a vulnerability, please follow the guidelines outlined on our Bug Bounty Program policy page and email us the detailed information at security@mixo.io.
- What types of vulnerabilities are eligible for a reward?
- Vulnerabilities that are considered eligible for a reward typically include, but are not limited to:
- Critical web application security issues such as Cross-Site Scripting (XSS), SQL Injection, and Authentication flaws
- Server-side code execution bugs
- Significant security misconfigurations
- How long does it take to get a reward after reporting a bug?
- The time to review your submission and issue a reward varies depending on the complexity and severity of the bug. Once the report has been reviewed and validated, we strive to process rewards promptly.
- Can I disclose the bug publicly?
- We request that all researchers engage in responsible disclosure. Public disclosure of the vulnerability is only permissible after we have confirmed that it has been remediated, and with express consent from Mixo.
- What happens if someone else reports the bug before me?
- Bounties are awarded on a first-come, first-serve basis. If a reported issue is already known to us or has been reported by someone else, we unfortunately cannot award a second bounty for the same issue.