Qbiz Vulnerability Disclosure Policy
Qbiz prioritizes the protection of its systems and the integrity of client data. We appreciate the support of information security researchers in helping us maintain the reliability of our services.
Should you discover a potential vulnerability within Qbiz systems or services, we encourage you to report it immediately.
Guidelines for responsible disclosure
-
Report issues immediately upon discovery.
-
Avoid actions that could compromise user privacy, degrade experience, disrupt systems, or damage data.
-
Use exploits only to confirm vulnerabilities and avoid data compromise, establishing persistent access, or pivoting to other systems.
-
Allow sufficient time for issue resolution before public disclosure.
-
Refrain from submitting numerous low-quality reports.
-
Maintain confidentiality: If a vulnerability or sensitive data is found, cease testing immediately, notify Qbiz, and do not share the data.
Safe harbor statement
Qbiz will not recommend or pursue legal action against individuals for security research activities that are conducted in good faith and in compliance with this policy. Such activities will be considered authorized. This means that researchers acting within the defined rules will not be prosecuted for "hacking" related to their vulnerability discovery efforts.
Bug bounty and rewards
Qbiz does not offer monetary rewards or bug bounties for vulnerability submissions at this time.
How to report a vulnerability
Please report potential vulnerabilities to: security@qbizinc.com
What to expect
Qbiz will acknowledge the report, work to validate and address the vulnerability, and provide progress updates. Reports may be shared with CISA or affected vendors for coordinated disclosure, but information will not be shared without permission.
Note: This policy applies to Qbiz's systems and services. Report vulnerabilities in non-Qbiz systems to the respective vendor. Responsible reporting and efforts to enhance internet security are appreciated.