Disclosure requirements
By submitting your vulnerability report to Amundi, you are required to:
- Comply with applicable laws
- Not carry out denial-of-service or resource exhaustion attacks
- Use Amundi systems for no purpose other than to harm the Group, its customers, its employees or third parties (partners, service providers, etc.)
- Not use, distribute, modify or delete any data that you may access by exploiting the vulnerability
- Not engage in social engineering, spam or phishing attacks against Amundi employees, third parties or customers
- Not test the physical security of Amundi's property, third parties or customers
- Not disclose information relating to this disclosure, the reported vulnerability or the fact that a vulnerability has been reported to Amundi
The Amundi Group undertakes not to take legal action against reporting parties who submit reports in accordance with the rules.
Reporting a vulnerability does not give you any intellectual property rights over assets belonging to the Amundi Group or any of its third parties.
All aspects of this process are subject to change without notice, as well as to exceptions on a case-by-case basis.
The Amundi Group appreciates the efforts made by the reporter to identify the vulnerability. We thank you for your contribution to improving the security of our products and systems and the Internet community as a whole.