Application Security

a) Secure Development Process

i) MUFEX adheres to industry-leading practices in secure software development lifecycle (SDL) to effectively manage and enhance application security. These practices encompass a comprehensive range of measures, including employee security awareness training, adherence to code security baselines, rigorous product security reviews, thorough threat modeling, code auditing, component scanning, robust security testing, and a responsive online incident emergency response system. MUFEX has established a tailored set of SDL processes designed to swiftly identify and mitigate threats, ensuring the avoidance of security vulnerabilities in production systems and minimizing financial risks for both exchanges and users.

ii) To ensure the production system's robust security, MUFEX runs a Bug Bounty program, which rewards the discovery and reporting of unknown vulnerabilities. By incentivizing security researchers to uncover and disclose potential vulnerabilities, MUFEX aims to continuously reduce the presence of security vulnerabilities on the production system.

b) User Account Security

i) Safeguarding user account security is MUFEX's top priority. The company has assembled a team of experienced developers and security personnel. Efforts have been made to prevent malicious registrations, protect against theft of user login credentials, and implement measures such as single-device login, two-factor authentication, anti-replay protection, and prevention of malicious email attacks. MUFEX has achieved a leading industry level in ensuring user account security.

ii) Through an offline account risk control system, suspicious activities and patterns are identified to enhance user account security.

c) Vulnerability and Security Incident Management

i) MUFEX has seamlessly integrated and optimized three prominent vulnerability classification models: GB/T 30279-2020, CVSS, and DREAD. In line with this integration, MUFEX has established a comprehensive framework encompassing vulnerability and incident classification standards, as well as defined time limits for vulnerability remediation and incident response. Security personnel utilize a unified database to track and resolve security vulnerabilities and incidents effectively. To prevent the recurrence of similar vulnerabilities or incidents, MUFEX conducts post-incident reviews and provides information security education, ensuring the efficient allocation of resources and mitigating escalating manpower costs.
