Marrow Security Reward Program (MSRP)

The Marrow Security Reward Program (MSRP), a bug bounty initiative by Neuroglia Health Pvt. Ltd., aims to enhance the Marrow App's security. We value the efforts of Marrow users and potential subscribers who contribute to identifying and resolving app vulnerabilities.

Program Process:

  1. Reporting: Vulnerabilities must be reported directly to the Marrow Security Team through their official disclosure process.
  2. Validation: The Security Team assesses the report. Invalid reports are promptly notified to the reporter.
  3. Assessment: Valid vulnerabilities are analyzed by the Tech Team for severity and impact.
  4. Rewards: Management decides the reward based on the Tech Team's assessment. Notification of rewards is sent within 2 to 8 weeks, depending on the case complexity.

Program Rules:

  1. Direct Reporting: All vulnerabilities must be reported to the Security Team. This program applies only after security issues have been acknowledged by the team.
  2. First Reporter Reward: For duplicate reports, the first reporter is eligible for the reward.
  3. Single Reward for Related Vulnerabilities: Multiple vulnerabilities stemming from a single issue are eligible for only one reward.

Finder's Code of Conduct:

  • Respect Rules: Adhere to guidelines set by the Security Team.
  • Protect Privacy: Avoid accessing or damaging user data.
  • Be Patient: Clarify and support your reports when requested.
  • Do No Harm: Promptly report vulnerabilities and avoid exploitation.
  • Confidentiality: Do not disclose information without Neuroglia's consent.

Bug Bounty Application:

 

To participate in the Marrow Security Reward Program, please apply through the following link:

This link will direct you to an application form where you can submit your details and report any vulnerabilities you've discovered.

 

 

Legal Considerations:

 

Participants are responsible for any tax implications based on their residency and citizenship. Local laws may impose additional restrictions. This program is discretionary, and Neuroglia reserves the right to modify or terminate it. Reward decisions are at Neuroglia's sole discretion.