Schroders

Please note that Schroders will not provide any monetary rewards for bug submissions.

If you believe you have discovered a potential security vulnerability on Schroders-owned websites we look forward to receiving your submission and appreciate your help in disclosing the issue to us responsibly. Please include the following details in your report:

• Title:

• Vulnerability Type (include CWE/CVE numbers if known):

• Vulnerable URLs:

• Vulnerable Parameter:

• Proof of Concept:

Details:

• Steps to Reproduce (please include sample payloads):

• Threat (What is the threat to our users?):

• Impact (What impact could an attacker achieve?):

• Solution/Recommendations:

Supporting Material/References:

• List any additional material (e.g. please attach screenshots, logs, etc.)

Our customers' privacy, data confidentiality and integrity is crucial. You agree that you will not disclose the vulnerability information reported to Schroders to any other third party without our explicit permission.

You must not disrupt, compromise, destroy data, or interrupt or degrade our services.

Please note that it is our policy not to provide any monetary reward, however we can post various items of merchandise as a thank you for finding the security issue.

We look forward to receiving your reports, and appreciate your help in disclosing security issues to us responsibly.