Bug Bounty

At OWL, security is our top priority, and we value the responsible and private disclosure of security issues. To show our appreciation, we offer a Bug Bounty program.

Bounty Rewards

We pay $100 USD for each accepted security or data privacy-related bug. Upon receiving your bug report, we will review and respond within 14 business days. If your report meets our criteria, you will receive $100 USD for each unique bug reported.

Excluded Bug Types

Please note: Bugs reported as part of the Beta testing program are excluded.

The following bug types are specifically excluded from the bounty program:

  • Reports for 3rd-party systems
  • Descriptive error messages (e.g., stack traces, application or server errors)
  • HTTP 404 codes/pages or other HTTP non-200 codes/pages
  • Banner disclosure on common/public services
  • Disclosure of known public files or directories (e.g., robots.txt)
  • Clickjacking and issues only exploitable through clickjacking
  • Self-XSS and issues exploitable only through Self-XSS
  • CSRF on forms available to anonymous users (e.g., contact form)
  • Tab nabbing
  • Stripping EXIF data from uploaded images
  • Logout Cross-Site Request Forgery (logout CSRF)
  • Presence of application or web browser “autocomplete” or “save password”
  • Issues requiring physical access to the device
  • DMARC configuration not in quarantine or reject mode
  • WordPress XMLRPC or REST API scripts not deleted (they are disabled as much as our host allows)
  • Execution of CSV content by a third-party client application due to special treatment of certain characters in the exported CSV
  • Reports relating to the password policy
  • Duplicate bug reports previously received
  • Bug reports for which the fix is not feasible

Reporting Guidelines

We encourage you to focus on our primary domains, including ontaskworklogger.com.

Please submit bug reports through our OWL Help Center and include as much information as possible. Each report should include:

  • Steps to reproduce the bug
  • An explanation of why it is considered a bug
  • Any supporting documentation or media (e.g., screenshots, videos)

Videos are especially encouraged to help us better understand the issue.

Thank you for helping us maintain a secure environment for our users!