If you discover a vulnerability, we would like to know about it so we can take steps to address it as quickly as possible. Please follow the guidelines below:
Please send your findings to security-alert@cryptoquantique.com (Optionally, please encrypt your report with a PGP key found in thisĀ Crypto Quantique Security Vulnerability Disclosure .txt file as an extra layer of protection so that critical information is not accidentally disclosed).
Please provide as much information as possible such as:
- Product Name, version, and operating environment.
- Details on the issue.
- Configuration and environment to reproduce the issue.
- Name and additional contact details (optional).
Please do not take advantage of the vulnerability you have discovered. We will handle all reports with strict confidentiality. We aim to resolve all problems as quickly as possible. Please note that we may need to coordinate our vulnerability response internally and this may take some time.
Please refrain from any public disclosure until Crypto Quantique has given permission. This will allow time for a security patch to be deployed and ensure that customers and end-users are protected.
If you find a vulnerability in one of our products that results in a security patch, we can publicly acknowledge your help in identifying the vulnerability in the Security Advisory and/or on this website.
References
- Crypto Quantique Security Vulnerability Disclosure .txt file
- Email: security-alert@cryptoquantique.com
- ISO/IEC 29147:2018 Vulnerability disclosure.
- ISO/IEC 30111:2019 Vulnerability handling processes.
- Code of Practice for Consumer IoT Security, UK Government: Department for Digital, Culture, Media & Sport.