Build your kingdom. We’ll secure it.

Traders come to The Funded Trader to build their kingdom. That’s why we invest in leading technology and data security infrastructure, protocols, and programs to ensure their kingdoms are as secure as possible. We conduct a full-scale penetration test and vulnerability scan each year that catches potential security vulnerabilities. We also offer a Vulnerability Disclosure Program where we empower our community to submit any potential security issues we may have missed to help us protect the kingdom for all.

Report a Security Vulnerability

Vulnerability Disclosure Guidelines

The Funded Trader is a rapidly growing and security-driven company. We believe in delivering our trading technology with the least risk and threat associated with each public-facing TFT resource/service.

If you are interested in finding technical application and workflow issues that can be exploited, we appreciate your help. We recommend submitting such issues as soon as possible.

Our team will investigate the security reports and resolve the issue within a reasonable time frame. While we do not offer any rewards for reported issues from our community, we greatly appreciate your help in keeping our platform safe and secure. You may read the guidelines below and then use the submission form to share any issues for our team to investigate.

Guidelines

  • Adherence to TFT’s Disclosure Policy
  • Provide necessary assistance to Branch to replicate the issue and mitigate relevant security issues.
  • Automated tool’s vulnerability reports are not accepted as a valid submission
  • Intensive automated scans must not negatively impact any or all of TFT’s services availability.
  • Automated vulnerability scanning tools or scanned reports are prohibited.
  • In the case of duplicate reports, the first report would be considered a valid submission.
    • Do not intentionally harm the experience or usefulness of the service to others, including degradation of services and denial of service attacks.
    • Do not attempt to view, modify, or damage data belonging to others.
    • Do not disclose the reported vulnerability to others until we’ve had reasonable time to address it.
    • Do not attempt to gain access to another users account or data.
    • Do not attempt non-technical attacks such as social engineering, phishing, or physical attacks against our employees, users, or infrastructure.

Scope for TFT’s Bug Bounty Program

Breach of our program’s terms

The expectation is to respect all the terms and conditions of The Funded Trader’s Bug Bounty Program. Non-adherence or non-compliance will lead to disqualification. A serious breach may also lead to suspension of the account and existing access controls.

Promotions Banner