# Rapidtrade Security Policy
# https://rapidtrade.org/.well-known/security.txt
#
# If you discover a security vulnerability, please report it responsibly.
# We take all security reports seriously and will respond promptly.

Contact: mailto:security@rapidtrade.org
Contact: https://rapidtrade.org/security/report
Encryption: https://rapidtrade.org/.well-known/pgp-key.txt

# Bug Bounty Program
Acknowledgments: https://rapidtrade.org/security/hall-of-fame
Policy: https://rapidtrade.org/security/policy
Hiring: https://rapidtrade.org/careers

# Preferred Languages
Preferred-Languages: en

# Canonical Location
Canonical: https://rapidtrade.org/.well-known/security.txt

# This security.txt file expires on
Expires: 2027-02-26T23:59:59.000Z

# ═══════════════════════════════════════════════════════════════════════════════
# VULNERABILITY DISCLOSURE POLICY
# ═══════════════════════════════════════════════════════════════════════════════
#
# SCOPE
# ─────────────────────────────────────────────────────────────────────────────
# In-Scope:
# • rapidtrade.org and all subdomains
# • Rapidtrade iOS and Android applications
# • Rapidtrade API (api.rapidtrade.org)
# • Rapidtrade WebSocket feeds (ws.rapidtrade.org)
# • Authentication and authorization systems
# • Payment and withdrawal systems
# • Smart contract integrations
#
# Out-of-Scope:
# • Third-party services and integrations
# • Social engineering attacks on employees
# • Physical security attacks
# • Denial of service attacks
# • Vulnerabilities in outdated browsers
# • Automated scanning without prior approval
#
# ═══════════════════════════════════════════════════════════════════════════════
# BUG BOUNTY REWARDS
# ═══════════════════════════════════════════════════════════════════════════════
#
# Critical (CVSS 9.0-10.0)........ $50,000 - $250,000 USD
# • Remote code execution
# • Private key compromise
# • Unauthorized fund transfers
# • Smart contract vulnerabilities affecting funds
# • Authentication bypass on trading systems
#
# High (CVSS 7.0-8.9)............ $10,000 - $50,000 USD
# • SQL injection
# • Privilege escalation
# • Sensitive data exposure (PII, financial data)
# • SSRF with significant impact
# • Broken authentication
#
# Medium (CVSS 4.0-6.9).......... $2,500 - $10,000 USD
# • Stored XSS
# • CSRF on sensitive actions
# • IDOR with meaningful impact
# • Information disclosure
#
# Low (CVSS 0.1-3.9)............. $500 - $2,500 USD
# • Reflected XSS
# • Minor information leakage
# • Security misconfigurations
#
# ═══════════════════════════════════════════════════════════════════════════════
# SAFE HARBOR
# ═══════════════════════════════════════════════════════════════════════════════
#
# Rapidtrade will not pursue legal action against security researchers who:
#
# 1. Report vulnerabilities in good faith
# 2. Avoid privacy violations and data destruction
# 3. Do not access, modify, or delete user data
# 4. Do not degrade service performance
# 5. Provide reasonable time for remediation (90 days)
# 6. Do not publicly disclose before coordinated disclosure
#
# We commit to:
# • Acknowledge receipt within 24 hours
# • Provide initial assessment within 72 hours
# • Keep you informed of remediation progress
# • Credit you in our Hall of Fame (if desired)
# • Pay bounties within 14 days of validation
#
# ═══════════════════════════════════════════════════════════════════════════════
# PGP KEY FINGERPRINT
# ═══════════════════════════════════════════════════════════════════════════════
#
# For encrypted communications, use our PGP key:
# Fingerprint: 4A7B 9C3D E5F1 2468 ACE0 1357 BDF2 4680 9135 7ACE
# Key ID: 0x91357ACE
# Key URL: https://rapidtrade.org/.well-known/pgp-key.txt
#
# ═══════════════════════════════════════════════════════════════════════════════
# CERTIFICATIONS & COMPLIANCE
# ═══════════════════════════════════════════════════════════════════════════════
#
# • SOC 2 Type II (Deloitte & Touche LLP)
# • ISO 27001 Information Security
# • PCI DSS Level 1
# • GDPR Compliant
# • CCPA Compliant
# • FinCEN MSB Registered
# • State Money Transmitter Licenses (48 states)
#
# ═══════════════════════════════════════════════════════════════════════════════
# Thank you for helping keep Rapidtrade and our users safe.