WHO WE ARE
About US Our Team Research System Approaches to Achieving Alpha Security System Contact us
TRADE WITH US
Insights & Education
Cash
Automated Investing
Download
Responsible Disclosure
English Version

At VoidMetrix, we take cybersecurity seriously and value the contributions of the security community at large. The responsible disclosure of potential issues helps us ensure the security and privacy of our customers and their data.

If you believe you have identified a potential security issue, please send it to us in accordance with our Responsible Disclosure Guidelines and include the following information:

• A description of the issue and where it is located.

• A description of the steps required to reproduce the issue.

Responsible Disclosure Guidelines

Researchers shall disclose potential vulnerabilities in accordance with the following guidelines:

1. Do not engage in any activity that can cause harm to VoidMetrix, our customers, or our employees.

2. Do not engage in any activity that can stop or degrade VoidMetrix services or assets.

3. Do not initiate a fraudulent financial transaction.

4. Do not engage in any activity that violates (a) federal or state laws or regulations or (b) the laws or regulations of any country where (i) data, assets, or systems reside, (ii) data traffic is routed or (iii) the researcher is conducting research activity.

5. Do not store, share, compromise or destroy VoidMetrix or customer data. If Personally Identifiable Information (PII) is encountered, you should immediately halt your activity, purge related data from your system, and immediately contact VoidMetrix. This step protects any potentially vulnerable data, and you.

6. No automated scanning or testing.

7. Provide VoidMetrix reasonable time to fix any reported issue before such information is shared with a third party or disclosed publicly.

By responsibly submitting your findings to VoidMetrix in accordance with these guidelines, VoidMetrix agrees not to pursue legal action against you. VoidMetrix reserves all legal rights in the event of noncompliance with these guidelines.

Once a report is submitted, VoidMetrix commits to provide prompt acknowledgment of receipt of all reports and will keep you reasonably informed of the status of any validated vulnerability that you report through this program.

Out of Scope Vulnerabilities

Certain vulnerabilities are considered out of scope for our Responsible Disclosure Program. Out-of-scope vulnerabilities include:

• Physical testing

• Social engineering or phishing

• Denial of service attacks

• Resource exhaustion attacks

• Attacks requiring MITM or physical access to a user's device.

Submission Format

When reporting a potential vulnerability, please include a detailed summary of the vulnerability, including the target, steps, tools, and artifacts used during discovery (screen captures welcome).