Mage One Bug Bounty

Security is our primary business. You can help to keep Magento 1 secure. This Bug Bounty Program rewards your efforts to investigate security vulnerabilities.

In order to submit a bug you have to create an account with our bug bounty platform. We’re using Jira ServiceDesk to keep track of all submissions.

After submitting a report to us we will contact you within 72 hours. Please make sure to include all necessary information in our initial report to prevent any delays. If you include screenshots, videos and code samples it might improve our speed and reduces our waiting time. Once the vulnerability is verified and accepted we try to fix it within 30 days. Once the Patch is released we will issue your payment. Payments can be received via PayPal or SEPA bank transfer.

Anything you do in accordance with this policy is considered authorized conduct and we will not take legal action against you. If a third party takes legal action against you in connection with activities conducted under this policy, we will assist you by disclosing that you have acted in accordance with this policy.

Please carefully read our information about our …