RESPONSIBLE DISCLOSURE PROGRAM

作为数字银行领域的领导者,瑞讯非常关心信息安全。

维护我们系统和服务的机密性、完整性和可用性是我们日常运营的一个重要方面。

 

计划

瑞讯集团目前没有设立漏洞奖励计划,也未授权对有关其网站和服务的漏洞进行主动研究。尽管如此,如果您发现安全漏洞,我们将非常感谢您的合作并以负责任的方式向我们披露该漏洞。

报告指南
Enveloppe with an "@" symbol on the back

报告应通过电子邮件发送至:vulnerability_disclosure@swissquote.ch,并提供您认为解释问题及其发现方式所需的全部信息。

典型的漏洞报告应包含以下信息:

  • 对漏洞及其潜在影响的描述;
  • 受影响主机、服务或 URL 的列表;
  • 重现漏洞所需的步骤;
  • 您发现漏洞的方式;
  • 您的联系方式。

每份报告仅提交一个漏洞,除非需要一系列漏洞来衡量影响。我们将确认收到您的报告,但我们不会提供有关我们调查结果的进一步信息。
 

Strictly Forbidden Activities

As stated above, active research of vulnerabilities (e.g., scans) is not authorised. Also note that the following activities are strictly forbidden and monitored: 

  • any activity that could lead to the disruption of our services (DoS, DDoS, spam, etc...); 
  • any activity that would threaten the integrity of user data; 
  • any activity that would breach the confidentiality of user data; 
  • usage of automated tools to find vulnerabilities; 
  • any fraudulent transaction.

Swissquote Group reserves the right to bring any legal action against any person acting in a manner considered as illegal, illicit or as infringing the above. 

Scope

This program applies to the following: 

  • domains where Swissquote Group Holding SA is listed as the Registrant Organisation, more specifically domains under  "swissquote.ch" and "swissquote.com"; "library.swissquote.com" is excluded from the above;
  • domains where YUH SA is listed as the Registrant Organisation; 
  • mobile applications published by Swissquote Mobile on the Android Play Store; 
  • mobile applications published by Swissquote on the Apple Store. 

Certain vulnerabilities are considered out of scope for this program. These include: 

  • outdated or vulnerable software versions if no clear exploitability can be demonstrated; 
  • bugs requiring non‑trivial prior knowledge, such as a session token, as prerequisite; 
  • missing best practices in SSL/TLS configuration; 
  • social engineering related issues; 
  • physical security of Swissquote Group property. 

Got further questions?

If you didn’t find the information you were looking for or you still have questions, check out other Help categories.


赞助商
Europa LeagueGenève ServetteZSC Lions

了解风险

在外汇平台上交易外汇、现货贵金属和任何其他产品都可能面临重大损失风险,可能并不适合所有投资者。在瑞讯银行开立账户之前,请考虑自身的经验水平、投资目标、资产、收入和风险偏好。您可能会损失部分或全部初始投资,因此您在进行投机、投资或对冲时使用的资金必须在自己能够承受损失的范围内,不要使用借来的、急用的或是个人或家庭生存所必需的资金。您应该了解与外汇交易相关的所有风险,如果您有任何疑问,请寻求独立财务顾问的建议。本网站内容为广告材料,未提交给任何监管机构,也未获得任何监管机构的批准。