TradingView Bug Bounty Program
If you have found a security bug and want to report it to us, please email us at firstname.lastname@example.org.
Below are some rules for the security researchers.
You should not disclose a bug before you receive approval from us. Please be patient: reports are reviewed within two weeks, and we need time to fix the bug or bugs.
A bug report should include a detailed description of the discovered vulnerability and either the steps needed to reproduce it or a working proof-of-concept. If you do not describe the vulnerability details, the report could take a long time to review and/or could be rejected.
Your reward will depend on the discovered vulnerability as well as its security impact. We do not compensate for the discovery of the following vulnerabilities:
- vulnerabilities in a user’s software or vulnerabilities that require full access to a user’s software;
- vulnerabilities or leaks in third-party services;
- vulnerabilities in or old versions of third-party software/protocols, missing protection, as well as a deviation from best practices that doesn’t pose a threat in terms of security;
- vulnerabilities with no significant security impact;
- vulnerabilities that require the user to perform unusual actions.
You should not use automated tools and scanners to find vulnerabilities. We'll not review scanner-generated reports.
You should not perform any attack that could damage our services, our data or client data. DDoS, spam and brute-force attacks are not permitted.
You should not involve other users without their explicit consent.
You should not perform or try to perform non-technical attacks such as social engineering, phishing or physical attacks against our employees, users or infrastructure.