log4j vulnerabilities will be accepted beginning on January 10, 2022 - Announcements - Cisco Meraki

$100 – $10,000 per vulnerability
Partial safe harbor

According to Meraki's program, "Vulnerabilities in open source packages less than one month old" are out of scope. Therefore, validated reports received before January 10, 2022 that are fixed will be marked as Informational. New or existing reports that are vulnerable as of January 10th, 2022 will be eligible for a monetary award.

Thank you for your participation in our program!