submit bug report: https://quantstamp.com/legal/responsible-disclosureOur Responsible Disclosure Policy
Quantstamp holds deeply the trust that our customers and business partners place in us. Therefore, the security of our platform is of utmost importance to us. If you are a security researcher and have discovered a security vulnerability in one of our services, products, programs, or protocols, we appreciate your help in disclosing it to us in a responsible manner. Quantstamp will engage with security researchers when potential vulnerabilities are reported to us in accordance with this policy. We will validate and remediate vulnerabilities in accordance with this policy. Quantstamp reserves all of its legal rights in the event of any noncompliance.
Reporting
Quantstamp runs a bug bounty program for many of our services, subject to modification or cancellation at our discretion from time to time. We encourage security researchers to share the details of any suspected vulnerabilities with us by sending an email to
[email protected], which will be treated as Submissions via the Site. In reporting any suspected vulnerabilities via email or the Site, please include the following information:
Detailed information with steps for us to reproduce the vulnerability
Your email address
Understand that all valid reports will be taken seriously by our engineering teams
Act in good faith to avoid privacy violations, destruction of data, and interruption or degradation of our services (including Denial of Service)
Comply with all applicable laws
We will only reward the first report of a vulnerability. Public disclosure of the vulnerability prior to resolution may cancel a pending reward. We reserve the right to disqualify individuals from the program for disrespectful or disruptive behaviour.
We will not negotiate in response to duress or threats (e.g. we will not negotiate the payout amount under threat of withholding the vulnerability, or of releasing the vulnerability or any exposed data to the public).
