Responsible Disclosure

Last updated: December 1, 2018

Our Responsible Disclosure Policy

Quantstamp holds deeply the trust that our customers and business partners place in us. Therefore, the security of our platform is of utmost importance to us. If you are a security researcher and have discovered a security vulnerability in one of our services, products, programs, or protocols, we appreciate your help in disclosing it to us in a responsible manner. Quantstamp will engage with security researchers when potential vulnerabilities are reported to us in accordance with this policy. We will validate and remediate vulnerabilities in accordance with this policy. Quantstamp reserves all of its legal rights in the event of any noncompliance.

Reporting

Quantstamp runs a bug bounty program for many of our services, subject to modification or cancellation at our discretion from time to time. We encourage security researchers to share the details of any suspected vulnerabilities with us by sending an email to security@quantstamp.com, which will be treated as Submissions via the Site. In reporting any suspected vulnerabilities via email or the Site, please include the following information:

Targets

In Scope

Target Name Type
*.quantstamp.com
Website

Out of Scope

The following issues are outside the scope of our rewards program:

In addition, we count the following activities as strictly prohibited, and thus not rewardable: