Vulnerability Disclosure Policy

Introduction

Ensuring the protection and integrity of our customer data, along with the dependability of our offerings, is paramount at Virtual Global Trading AG. Our goal is to develop and deliver services and products that embody the highest standard of security and dependability. This policy describes the Virtual Global Trading's approach to requesting and receiving reports related to potential vulnerabilities and errors in its products and services.

Virtual Global Trading values and recognizes the important contributions made by cybersecurity researchers and is deeply grateful for the diligence of individuals who report vulnerabilities or errors.

Scope

We encourage customers, users, researchers, partners, and anyone else engaging with Virtual Global Trading's services and products available to the public, to report any vulnerabilities and errors found in these offerings.

Legal Safe Harbor

Activities conducted in adherence to this policy are considered authorized, and Virtual Global Trading will not pursue legal action against individuals complying with these guidelines. Should a third party initiate legal proceedings against you for actions taken in compliance with this policy, Virtual Global Trading commits to informing the relevant authorities that your actions were within the bounds of this policy.

Reporting Vulnerabilities

The preferred channel for reporting vulnerabilities and errors to Virtual Global Trading is through the submission form provided on this webpage.

Whether or not you choose to provide your contact information when reporting a vulnerability is completely optional.
Virtual Global Trading will process all reports, regardless of whether they are made anonymously or with contact details provided.
If contact information is submitted, it will be used solely for the purpose of reaching out to you for additional details about your report.
For information on how we handle your personal data, please refer to the general privacy policy of Virtual Global Trading atwww.vgt.energy/privacy.

The receipt of each report will be acknowledged within 72 hours.While the vulnerability is being addressed, we will keep you informed of progress on a regular basis, but at least every two weeks.As soon as the vulnerability has been fixed, we will inform you of the measures taken and, if necessary, publish a public advisory.In this phase, you can coordinate the publication of your own results with Virtual Global Trading.

What we expect from you:

Well-written reports in German or English.
Detailed explanations of your bug discovery process.
Include a proof of concept.
Avoid sending reports generated by automated tools unless manually verified.

Your Responsibilities

You agree to adhere to the guidelines of this policy and you will not violate any laws in the course of your reporting activities or your interactions with Virtual Global Trading's products or services.
You will promptly report any discovered vulnerabilities.
You will not exploit any vulnerabilities for purposes other than reporting them to Virtual Global Trading AG.
You will abstain from any actions that could harm Virtual Global Trading, its customers, employees, partners, or suppliers during your testing/research.
You will not misuse, manipulate, delete, alter, or destroy any data during your discovery process.
You will not engage in social engineering, spam, phishing, denial-of-service attacks, or any actions that could deplete resources.
You will not attempt to breach the physical security of Virtual Global Trading's premises or facilities.
You agree to keep the details of your report, including the existence of the reported vulnerability, confidential and not disclose them to third parties.
You understand that your report is made without any expectation of compensation or other benefits, financial or otherwise.

Our Promise

We value your contributions and will endeavor to:

Acknowledge your report in a timely manner.
Maintain an open line of communication to discuss the details of your report.
Provide an estimated timeline for the resolution of the vulnerability, where feasible.

We extend our gratitude to every researcher who contributes a vulnerability report, aiding in the enhancement of Virtual Global Trading's security. For direct contact, you may also reach us at

Check out the already reported vulnerabilities on ouradvisory page.

Vulnerability Summary

Report Title *

Affected Website *

CVSS3 Score

Attack Vector *

Attack Complexity *

Privileges Required *

Scope *

User Interaction *

Confidentiality *

Integrity *

Availability *

CVSS3 Score

0.0

Reporter Information

Name

PGP Key

Technical Details

Affected Endpoints *

Technical Environment *

Technical Details Markdown supported*

By submitting a report, the security researcher guarantees that the report and any attachments do not infringe the intellectual property rights of third parties, and the security researcher assigns all intellectual property rights free of charge to the receiving company, which accepts these rights.

Kunden

Plattform

Flexibilitäts

Management

Über

uns

blog

Vulnerability Disclosure Policy

Introduction

Virtual Global Trading values and recognizes the important contributions made by cybersecurity researchers and is deeply grateful for the diligence of individuals who report vulnerabilities or errors.

Scope

Legal Safe Harbor

Reporting Vulnerabilities

Your Responsibilities

Our Promise

Vulnerability Summary

CVSS3 Score

CVSS3 Score

0.0

Reporter Information

Technical Details