Bug Bounty Program

If you believe you have found a security issue or vulnerability, please submit the report to our security team by following the guidelines below.


Scope

This program covers security issues related to our services at www.neuralegion.com, including:

  • web application vulnerabilities such as XSS, CSRF, SQLi
  • authentication issues
  • authorization issues
  • remote code execution

 

This program excludes (regardless of coverage indicated above):

  • social engineering
  • WordPress “issues” such as xmlrpc that are mitigated by our hosting provider
  • out-of-date browsers and plugins
  • vulnerabilities in third-party applications that do not directly affect our data or service
  • spam of any kind
  • denial of service attacks
  • issues already known by us or previously reported to us by others
  • issues that we have determined to be of acceptable risk


Act responsibly

The rules of responsible disclosure of vulnerabilities include, but are not limited to:

  • Avoid accessing, exploiting, or exposing any customer data other than your own.
  • Avoid any action that may cause a degradation of our services or harm our customers (for example, overloading our systems).
  • Do not use any social engineering techniques, such as sending phishing emails to NeuraLegion’s employees, partners, or customers.
  • When methods are used that do not comply with your local law and/or the above-mentioned responsibility rules, enforcement authorities will be notified.


Reproducibility

Our security team and engineers must be able to reproduce the reported security flaw. Make sure your report is clearly written and includes all the necessary information so we can reproduce the flaw. Please include:

  • Type of vulnerability
  • When applicable, the URL
  • The potential impact of the vulnerability
  • Step-by-step instructions to reproduce the issue, including any proof-of-concept or exploit code

 

Definition of a Vulnerability

To be eligible for a reward, your report must be considered valid by the NeuraLegion security team. 

 

Rewards

  • Only one bounty will be awarded per vulnerability.
  • If we receive multiple reports for the same vulnerability, only the person offering the first clear report will receive a reward.
  • Our reward system is flexible. We have no minimum or maximum amounts as rewards are based on severity, impact, and report quality.
  • Vulnerabilities affecting our platform or platform-related plugins typically have a higher impact.  

 

Reporting

You can contact us at security@neuralegion.com to report any vulnerability or to ask questions about this program.