Security · Responsible Disclosure

Report a Security Issue

Found a vulnerability on microry.com? Tell us before anyone else does — we'll review every legitimate report and recognize researchers who help us stay secure.

About this Program

If you have discovered a security vulnerability on microry.com, we encourage you to report it to us immediately. Microry LLC takes the security of our platform and our customers' data very seriously. We review all legitimate reports and aim to resolve confirmed issues as quickly as possible.

Please read this page carefully before submitting a report. Following the guidelines below ensures your report is reviewed quickly and may qualify for a bounty reward.

Last Updated · May 2026
✦   ✦   ✦

01Fundamentals — Safe Harbor

If you follow the principles below when reporting a security issue to microry.com, Microry LLC will not initiate legal action or enforcement investigations against you in response to your report. We ask that you:

  1. Give us reasonable time to review and fix the issue before disclosing it publicly or sharing it with others.
  2. Do not interact with or access private customer accounts without the account owner's explicit consent.
  3. Make a good-faith effort to avoid privacy violations, service disruptions, or data destruction.
  4. Do not exploit the vulnerability for any reason, including to demonstrate further risks or access sensitive data.
  5. Comply with all applicable local, state, and federal laws and regulations in the United States and your country of residence.

02Scope

This program covers vulnerabilities in systems directly operated by Microry LLC. The following are in scope:

  • The microry.com website and any of its subdomains
  • Microry's customer account system and checkout flow
  • Forms and inputs that handle customer data on microry.com
  • Microry-controlled email, CRM, or order-handling endpoints

The following are out of scope — please report these directly to the vendors, not to Microry:

  • Third-party payment processors (Stripe, PayPal) — report to those companies directly
  • Third-party hosting and infrastructure providers
  • Third-party shipping carriers (DHL, FedEx, Aramex)
  • WordPress core, plugins, or themes — report upstream to the respective maintainers
  • Third-party analytics or advertising tools (Google Analytics, Google Ads)

03Bounty Program

Microry LLC recognizes and rewards security researchers who help protect our platform by responsibly reporting vulnerabilities. Bounties are awarded at our sole discretion, based on risk level, impact, and report quality.

To potentially qualify for a bounty, you must:

  1. Follow all fundamentals listed in Section 01.
  2. Report a valid security vulnerability that poses a genuine risk to user privacy or platform security.
  3. Submit your report directly to Contact@microry.com with the subject line indicated below — please do not contact individual employees directly.
  4. Disclose any accidental privacy violations or service disruptions that occurred during your research.
  5. Understand that while we investigate every valid report, response priority is based on risk severity and may take some time.
  6. Agree that Microry LLC reserves the right to publish submitted reports at our discretion, with appropriate credit to the researcher (if requested).

04Reward Tiers

Rewards are based on the impact and severity of the reported vulnerability. Please provide detailed and reproducible steps — issues that cannot be reproduced are not eligible for a bounty.

  • The first valid report of a given issue receives the bounty.
  • Multiple bugs caused by a single underlying issue are treated as one report.
  • We assess rewards based on impact, exploitability, and overall report quality.
Critical Severity
Highest Risk
$200
  • Remote code execution
  • Remote shell or command execution
  • Vertical authentication bypass
  • SQL injection leaking targeted data
  • Full account takeover
  • Payment data exfiltration
High Severity
Major Risk
$100
  • Lateral authentication bypass
  • Disclosure of sensitive internal data
  • Stored XSS affecting other users
  • Local file inclusion
  • Insecure handling of authentication cookies
  • Bulk customer data exposure
Medium Severity
Notable Risk
$50
  • Logic or business-process flaws
  • Insecure direct object references
  • CSRF on sensitive actions
  • Unvalidated redirects to external sites
  • Privilege escalation within own account
Low Severity
Minor Risk
Recognition
  • Open redirects
  • Reflected XSS
  • Low-sensitivity information leaks
  • Missing security headers
  • Non-sensitive misconfigurations

05Non-Reportable Issues

The following are generally out of scope for our bounty program and are not eligible for a reward:

  • Denial of Service (DoS/DDoS) attacks or testing
  • Spam, phishing, or social engineering attacks
  • Physical security issues (offices, workshops, in-person handling)
  • Vulnerabilities in third-party services or plugins not directly controlled by Microry LLC
  • Reports generated solely by automated scanning tools without manual validation
  • Theoretical issues that require unrealistic conditions to exploit
  • Issues already known to our team or previously reported by another researcher
  • Issues affecting outdated browsers or unsupported software

06How to Submit a Report

To report a security vulnerability, send an email to our security team:

Submit Your Report

We acknowledge every report within 3 business days.

Contact@microry.com
Use subject line: Security Vulnerability Report – microry.com

What to include in your report

  • A clear description of the vulnerability
  • Step-by-step instructions to reproduce the issue
  • The potential impact of the vulnerability if exploited
  • Any screenshots, videos, or proof-of-concept code (if applicable)
  • Your name and how you'd like to be credited if the report is published (optional)
  • The date and time you discovered the issue

We will acknowledge your report within 3 business days and keep you informed of our progress throughout the resolution process. Critical issues are typically triaged within 24 hours.

For general (non-security) questions, please use our standard contact channels — see our Contact Us page.

✦   ✦   ✦

Thank you for helping us stay secure

If you have any question about this program — before or after submitting a report — feel free to reach out.

Address
451 North Dr
Hopkinsville, KY 42240
United States
Phone
+1 (270) 551-1357
Email
Contact@microry.com
Business Hours
Mon – Fri · 9 AM – 6 PM (UTC−6)
Sat & Sun · Closed

Last Updated · May 2026 · Microry LLC · 451 North Dr, Hopkinsville, KY 42240, USA