<img src="https://secure.office-information-24.com/785669.png" style="display:none;">
Security Vulnerability Privacy

Your Security Matters

Learn more about how QT9 handles any security vulnerability information below.

QT9-Software-World

QT9 Security Vulnerability Policy

This Policy Applies to:

•    Vulnerabilities affecting products, services, systems developed, maintained, or supported by QT9 Software
•    Vulnerabilities reported by external researchers, partners, contractors or customers.
•    Coordination with vendors, researchers, contractors and other CNAs when applicable.

Website

1. Disclosure Process

  1. Submission
    • Vulnerabilities may be submitted via security@qt9software.com
    • Submissions should include affected product/version, vulnerability description, and reproduction steps.

  2. Acknowledgment
    • We will acknowledge receipt within 7-10 business days and begin triage.

  3. Validation
    • We will assess the report for accuracy, severity, and scope.
    • If the vulnerability is valid and within our CNA scope, we will proceed with CVE ID assignment.

  4. CVE Assignment
    • QT9 Software will assign a CVE ID in accordance with Program rules and notify the reporter.

  5. Coordination
    • We will work with the reporter and any affected third parties to coordinate disclosure.
    • Our default disclosure timeline is 60 days but may be adjusted based on impact and stakeholder agreement.

  6. Public Disclosure
    • Once coordinated, we will publish the CVE Record and advisory on www.cve.org
    • We will not disclose technical details without mutual agreement from involved parties.

Confidentiality

Confidentiality

•    All reports are treated as confidential until public disclosure.
•    Reporter identity will be kept private unless explicit consent is provided.

Out-Of-Scope Handling

Out-of-Scope Handling

  • Vulnerabilities outside our scope will be referred to the appropriate CNA or Root CNA.

Policy maintenance

Policy Maintenance

This policy will be reviewed annually and updated as needed to reflect changes regarding the CVE Program or our internal processes.