Skip to main content
FMC
The FirmPlatformsInfrastructureOur ApproachCareersInsightsContact

FMC Trading & Logistics Co. Ltd.
Headquartered in Hong Kong

Vulnerability Disclosure Policy

Last updated: July 2026
This version takes effect on the date above.

1. Introduction

FMC Trading & Logistics Co. Ltd. (“FMC”) takes the security of its systems seriously and welcomes reports of potential vulnerabilities in this website. This policy explains how to report a vulnerability and what to expect from us.

2. Scope

This policy applies to security vulnerabilities discovered in the public FMC website at www.fmc.hk (and the apex fmc.hk) and its associated public endpoints.

The following are out of scope:

  • denial-of-service (DoS/DDoS) or volumetric testing;
  • social engineering of FMC staff, customers, or vendors;
  • physical attacks;
  • automated scanning that degrades service;
  • reports relating to third-party services or infrastructure not operated by FMC;
  • non-security issues (for example cosmetic bugs or best-practice suggestions without a demonstrable security impact).

3. How to Report

Please email security@fmc.hk with:

  • a clear description of the vulnerability and its potential impact;
  • the steps required to reproduce it (a proof-of-concept is helpful);
  • the affected URL(s) or component(s).

Please do not include the real personal data of third parties in your report.

4. Guidelines for Researchers

When investigating, please act in good faith and:

  • only interact with accounts and data you own or have explicit permission to test;
  • do not access, modify, delete, or exfiltrate data beyond the minimum necessary to demonstrate the issue;
  • do not disrupt or degrade our services (no denial-of-service, spam, brute-forcing, or automated high-volume testing);
  • do not use social-engineering, phishing, or physical techniques;
  • respect the privacy of others, and stop testing and notify us immediately if you encounter any personal data;
  • give us a reasonable opportunity to remediate before disclosing the issue publicly.

5. Safe Harbor

FMC considers security research and vulnerability disclosure conducted in good faith and in accordance with this policy to be authorized. We will not pursue or support legal action against researchers for accidental, good-faith violations of this policy, and will work with you to understand and resolve the issue quickly. This does not authorize actions that are inconsistent with the guidelines above or with applicable law.

6. Our Commitment

When you submit a report in line with this policy, we will:

  • acknowledge receipt within five (5) business days;
  • work to validate and remediate confirmed vulnerabilities in a timely manner;
  • keep you informed of our progress where appropriate;
  • credit you for your discovery if you wish, once the issue is resolved.

7. Recognition

FMC does not operate a paid bug-bounty programme at this time. We are, however, grateful for responsible disclosures and are happy to acknowledge researchers who help keep our systems and users safe.

8. Changes to This Policy

We may update this policy from time to time; the current version is always available on this page.

9. Contact

Security reports: security@fmc.hk. This policy is also referenced from our machine-readable security.txt.

FMC

Global Trading & Logistics

Headquartered in Hong Kong

Company

  • The Firm
  • Global Footprint
  • Our Approach
  • Infrastructure
  • Insights

Platforms

  • Automotive & Mobility Systems
  • Industrial & Manufacturing Technologies
  • Technology & Speciality Equipment
  • Health & Wellness Distribution
All Platforms→

Careers

  • Careers
  • Open Roles

Contact

  • Business Enquiries→
  • Corporate Information
© 2026 FMC Trading & Logistics Co. Ltd.
PrivacyTermsCookiesSecurity