Maintaining the confidentiality, integrity and availability of our systems and services is a critical aspect of our daily operations.
Swissquote Group currently does not operate a bug bounty program, and does not authorise the active research of vulnerabilities on its websites and services. Nevertheless, should you discover a security vulnerability, we would greatly appreciate your cooperation in disclosing it to us in a responsible manner.
Reporting should be done by email to: firstname.lastname@example.org with all information you deem necessary to explain the issue and how you found it.
A typical vulnerability report is expected to contain the following information:
Submit only a single vulnerability per report, unless a chain is required for measurable impact. We will acknowledge reception of your report, however we will not provide further information on our findings.
As stated above, active research of vulnerabilities (e.g., scans) is not authorised. Also note that the following activities are strictly forbidden and monitored:
Swissquote Group reserves the right to bring any legal action against any person acting in a manner considered as illegal, illicit or as infringing the above.
This program applies to the following:
Certain vulnerabilities are considered out of scope for this program. These include: