On January 19, 2023, certain Genesis entities filed voluntary cases under Chapter 11 of the U.S. Bankruptcy Code. For information and updates, visit the Genesis Capital Restructuring Website.

Responsible Disclosure Policy

Introduction

Genesis Global Trading is committed to the security and privacy of its customers, products, and services. This policy is intended to give security researchers clear and concrete guidelines for responsibly conducting and reporting on vulnerability discovery activities. This policy outlines steps for reporting vulnerabilities to us, what we expect, and what you can expect from us.

Scope

This policy applies to any digital assets owned, operated, or maintained by Genesis Global Trading.

Out Of Scope

All assets not owned by parties participating in this policy, including any subsidiary or parent organizations, shall not be in scope for this policy.

Vulnerabilities discovered or suspected in out-of-scope systems should be reported to the appropriate authority.

Our Commitments And Expectations

For the protection of our customers, Genesis Global Trading does not disclose, discuss, or confirm security issues until our investigation is complete and all fixes are generally available.

  1. We request that the reporter keep any communication regarding the vulnerability confidential while we investigate the submission
  2. Should the vulnerability be confirmed, our vulnerability response team will keep you informed about the remediation progress for the vulnerability
  3. We will work to remediate all confirmed vulnerabilities in a timely manner within our operational constraints
  4. Depending on the nature of the vulnerability, and potential impact of disclosure, we may respectfully request that you redact or refrain from publishing details of the vulnerability
  5. Provided you make a good faith effort to comply with this policy, and have not caused financial or material harm, Genesis Global Trading will not recommend or pursue any legal action related to your research in accordance with the following Safe Harbor declaration:

Safe Harbor

All vulnerability research conducted in accordance with this policy shall be considered:

  • Authorized concerning any applicable anti-hacking laws, and we will not initiate or support legal action against you for accidental, good-faith violations of this policy
  • Authorized concerning any relevant anti-circumvention laws, and we will not bring a claim against you for circumvention of technology controls
  • Exempt from restrictions in our Terms of Service (TOS) and/or Acceptable Usage Policy (AUP) that would interfere with conducting security research, and we waive those restrictions on a limited basis
  • Lawful, helpful to the overall security of the Internet, and conducted in good faith

You are expected, as always, to comply with all applicable laws. If legal action is initiated by a third party against you and you have complied with this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.

If at any time you have concerns or are uncertain whether your security research is consistent with this policy, please submit a report to [email protected] before going any further.

Note that the Safe Harbor applies only to legal claims under the control of the organization participating in this policy, and that the policy does not bind independent third parties.

Reporting A Security Issue

If you believe you have discovered a vulnerability in a Genesis product or service, please fill out this coordinated vulnerability disclosure form to assist us in our investigation. Well-written reports in English with proof-of-concept code will have a higher chance of rapid resolution.