Myntra is up with its RESPONSIBLE DISCLOSURE POLICY page for whitehat security researchers. Proud to see my reports also acknowledged there 🙂
A VULNERABILITY IN OUR SYSTEMS, AND RESPONSIBLY SHARES THE DETAILS OF IT WITH US, WE APPRECIATE THEIR CONTRIBUTION, WORK CLOSELY WITH THEM TO ADDRESS SUCH ISSUES WITH URGENCY, AND IF THEY WANT, PUBLICLY ACKNOWLEDGE THEIR CONTRIBUTION
And i should say that’s awesome. an acknowledge of any contribution is the best tribute to the work done. :-). I think Myntra is the first to introduce such a disclosure page for white hat security researchers. It clearly defines their urge to improve their systems technically and provide a safer and better user experience to their customers. The move shows how much they care about their own merchandise and the user data stored on their servers.
I have written a post last month about “Perceptions of Indian E-commerce Companies About Security And Ethical Disclosures?” on how reluctant are the Indian ecommerce startups towards the security bugs on their website as per my experience in reporting vulnerabilities to them. Myntra is an exception from them all.
How to report a security vulnerability / bug to Myntra.
All you have to do is to shoot a mail with all the details and proof the bug / security issue (screenshot, video ) etc to email@example.com. Myntra’s security team will reach you shortly to know more about it. If the report found to be a bug / vulnerability definitely they will acknowledge the same.
My suggestions to the Myntra team for the Responsible Disclosure Page.
- It would have been great if you can make that page little more appealing. i found it very difficult to read
- You have missed to add the seo titles and description for the page 🙂 . It would have been great
All the best for myntra.com keep improving. All the very best to all whitehat security researchers as well 😉