Responsible Disclosure & Security Program

If you’ve found a security vulnerability on www.domdera.com, we encourage you to report it to us right away. We review all legitimate reports and work to resolve issues quickly. Before reporting, please read this page in full — including our principles, program details, reward guidelines, and the list of issues we don’t consider reportable.

Reporting & Safe Harbor

If you follow the principles below when reporting a security issue to Domdera, we will not pursue legal action against you in connection with your report. We ask that you:

  • Give us reasonable time to review and fix the issue before disclosing it publicly or to anyone else.
  • Do not access or interact with private accounts without the account owner’s consent.
  • Make a good-faith effort to avoid privacy violations, service disruptions, and the destruction of data.
  • Do not exploit the vulnerability for any purpose, including demonstrating additional risk or accessing sensitive data.
  • Comply with all applicable laws and regulations.

How to Report

Please submit your report by email to contact@domdera.com, with detailed, reproducible steps. Do not contact employees directly about security issues.

Rewards

Rewards are based on the severity and impact of the vulnerability. Please include clear, reproducible steps — if an issue cannot be reproduced, it is not eligible for a reward.

  • The first valid report of a given issue receives the reward.
  • Multiple bugs stemming from a single underlying cause are treated as one report.
  • We assess rewards based on impact, exploitability, and report quality.

Our current maximum rewards by severity:

Critical – $200 — e.g., Remote Code Execution, remote shell or command execution, vertical authentication bypass, SQL injection that exposes targeted data, full account takeover.

High – $100 — e.g., lateral authentication bypass, disclosure of sensitive internal data, stored XSS affecting other users, local file inclusion, insecure handling of authentication cookies.

Medium – $50 — e.g., logic or business-process flaws, insecure direct object references.

Low – Recognition only — e.g., open redirects, reflected XSS, low-sensitivity information leaks.

Contact Information

Address: 667 S Almstead Rd, Watkins, CO 80137, USA

Phone: +1 659 218 1424

Email: contact@domdera.com

Domdera is operated by DOMDERA WHOLESALE LLC.