Amdax welcomes feedback from security researchers and the public to help improve our security. If you believe you have discovered a vulnerability, privacy issue, exposed data, or other security issues in any of our assets, we would like to hear from you. This policy outlines steps for reporting vulnerabilities to us, what we expect in reporting to us and what you can expect from us in return.
This policy applies to any digital assets owned, operated, or maintained by Amdax. Any design or implementation issue that substantially affects the confidentiality or integrity of user data is likely to be in scope for the program. While this vulnerability disclosure policy primarily represents our focus for security research, we are interested in reports for all our products and services under our direct control. This can include any open-source libraries, software, or third-party components.
The following subjects are however not in scope, and will not result in a vulnerability disclosure:
HTTP security headers, including but not limited to CSP, HSTS and X-XSS-Protection;
Non-200 HTTP return codes;
Version banners or other service fingerprinting;
Please note that this policy is not an invitation to actively scan our networks or systems for weaknesses in an automated way, causing high loads or traffic on our systems.
We expect all security researchers and the public to:
When working with us, according to this policy, you can expect us to:
On the Amdax Wall of Fame, Amdax places individuals who have reported a vulnerability or a problem in the security of our systems. In doing so, they followed the Responsible Disclosure policy. As a result, they acted responsibly. Amdax is grateful to these individuals because their reports allow us to improve our security.
We thank:
October 2024
March 2024
August 2023
July 2023
June 2023
We use cookies to personalize content and advertisements, to offer social media features and to analyze our website’s traffic. We’ll also share information about your usage with our partners for social media, advertising and analysis. These partners can combine this data with data you’ve already provided to them, or that they’ve collected based on your use of their services.