Vulnerability Disclosure Policy

July 30, 2024
Version 1.1

evolutionQ is a company that always strives to develop robust, secure products and solutions. While we are always working to improve our products and proactively address any vulnerabilities that might occur, there may be an occasion when a vulnerability is discovered by others, such as the research community. This policy outlines our approach to receiving, acknowledging and addressing a vulnerability if one is found and reported to us.

If you find a vulnerability in any of our currently supported products, please contact us at secure@evolutionq.com with the following information:

  • Name, version and configuration detail of the affected product
  • Names of all the researchers or finders who were involved in the discovery of the vulnerability
  • A description of the vulnerability and its running environment
  • The potential impact of the vulnerability
  • Detailed steps to reproduce the vulnerability
  • A video or screenshots that demonstrate the proof of concept
  • Contact information for follow-up questions

evolutionQ is committed to:

  • Acknowledging your report within 2 business days.
  • Investigating the reported vulnerability and aiming to provide an initial assessment within 7 business days.
  • Striving to address verified vulnerabilities promptly and keeping you informed throughout the process.

We appreciate your efforts to help improve our products and will offer public recognition for your contribution, if you desire.

We will work with researchers or finders who perform security testing that:

  • Is conducted in a manner that protects the privacy and security of all of our customers and partners and their data and infrastructure.
  • Does not engage in actions that could disrupt our services, compromise data integrity, or negatively impact our users.
  • Does not disclose the vulnerability to third parties or publicly before we have had a reasonable opportunity to address it.
  • Complies with all applicable laws and regulations around security testing activities.

Note this policy may be updated from time to time and revisions can be found on this website.