Bug Bounty Program

Responsible disclosure & security research – help us make VynSec safer for everyone.

Program Overview

We invite security researchers and ethical hackers to responsibly disclose vulnerabilities. Your findings help us protect our infrastructure and users.

  • All verified reports receive public acknowledgement (if desired).
  • No monetary rewards – we focus on recognition and gratitude.
  • Strict no‑disclosure until we fix the issue.

Scope

We accept reports on:

  • vynsec.com and all subdomains
  • Public APIs (api.vynsec.com)
  • Our open‑source repositories (GitHub)

Out of scope: Social engineering, physical attacks, DDoS, or third‑party services.

Report a Vulnerability

Email us with a clear description, steps to reproduce, and any supporting materials (logs, screenshots).

We aim to respond within 48 hours and keep you updated on the fix progress. Please allow us reasonable time to resolve before public disclosure.

Report Now

Hall of Fame

Thank you to these researchers for helping secure VynSec:

Alex M.
Jan 2026
Priya K.
Dec 2025
Carlos R.
Nov 2025

Your name could be next!

Security Quiz

Test your knowledge – get a secret message if you answer all correctly!

1. What does "responsible disclosure" mean?

Reporting a bug publicly immediately
Giving the vendor time to fix before public release
Selling the vulnerability to the highest bidder

2. Which of these is usually out of scope in bug bounty?

SQL injection on the main website
Denial‑of‑Service attacks
Cross‑site scripting in a user‑facing form

3. What should you include in a vulnerability report?

Just the URL
Clear steps to reproduce and impact
Your bank details for payment