RESPONSIBLE DISCLOSURE PROGRAM

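As a leader in digital banking, Swissquote takes information security very seriously.

Maintaining the confidentiality, integrity and availability of our systems and services is a top priority in our daily operations.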

 

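The Program

Swissquote Group does not currently run a bug bounty program and does not authorise active research of vulnerabilities on its websites and services. Nevertheless, if you discover a security vulnerability, we ask that you report it responsibly, and we sincerely thank you for your cooperation.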

Reporting Guidelines

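Please send your report by e-mail to vulnerability_disclosure@swissquote.ch, including all the information you consider necessary to explain the issue and how it was discovered.

A typical vulnerability report should include the following information:

  • a description of the vulnerability and its potential impact;
  • a list of affected hosts, services or URLs;
  • the steps necessary to reproduce the vulnerability;
  • how the vulnerability can be identified;
  • your contact information.

Each report may cover only one vulnerability, unless vulnerabilities need to be chained to assess the impact. After acknowledging receipt of your report, we will not provide the results of any further investigation.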
 

Strictly Forbidden Activities

As stated above, active research of vulnerabilities (e.g., scans) is not authorised. Also note that the following activities are strictly forbidden and monitored: 

  • any activity that could lead to the disruption of our services (DoS, DDoS, spam, etc.);
  • any activity that would threaten the integrity of user data; 
  • any activity that would breach the confidentiality of user data; 
  • usage of automated tools to find vulnerabilities; 
  • any fraudulent transaction.

Swissquote Group reserves the right to bring any legal action against any person acting in a manner considered as illegal, illicit or as infringing the above. 

Scope

This program applies to the following: 

  • domains where Swissquote Group Holding SA is listed as the Registrant Organisation, more specifically domains under "swissquote.ch" and "swissquote.com"; "library.swissquote.com" is excluded from the above;
  • domains where YUH SA is listed as the Registrant Organisation; 
  • mobile applications published by Swissquote Mobile on the Android Play Store; 
  • mobile applications published by Swissquote on the Apple Store. 

Certain vulnerabilities are considered out of scope for this program. These include: 

  • outdated or vulnerable software versions if no clear exploitability can be demonstrated; 
  • bugs requiring non-trivial prior knowledge, such as a session token, as prerequisite; 
  • missing best practices in SSL/TLS configuration; 
  • social engineering related issues; 
  • physical security of Swissquote Group property. 
