Responsible Disclosure
Maintaining the security of our systems and our client’s data is of utmost importance at Quiq. If you believe you are aware of a security vulnerability in Quiq’s systems or software, we encourage you to disclose it to us in a responsible manner.
Scope
Quiq’s application is in scope: You can request a deployment here to conduct testing against https://magic.quiq.com/tryquiq/request
Out of scope:
https://quiq.com
https://goquiq.com
These are purely marketing / documentation websites; hosted on a third-party-provider, not under quiq’s control. Whilst we appreciate any reports for these sites, these can not be considered for reward.
https://help.quiq.com
Hosted on third-party SaaS;
Quiq uses third-party SaaS applications to be able to provide services to our clientele, including but not limited to those listed on our sub-processors page.
It is likely that Quiq is unable to accept, or be in a position to take remedial action, for any reports for third-party SaaS web-application use, however we will endeavour to evaluate and respond appropriately should these be provided.
Safe harbor
Quiq will not take action against those that act in a responsible manner, maintain confidentiality, do not disrupt the operation of Quiq’s systems and protect Quiq and our clients data from modification or disclosure. We take vulnerability reports seriously and will respond promptly. We will verify and fix issues in a professional manner that is commensurate with the risk of the issue reported.
Bounty / Compensation
Quiq appreciates and may reward the efforts of independent security researchers whose ethical hacking efforts make the internet a safer place. At Quiq’s sole discretion, you may be eligible for reward or recognition for your responsible disclosure.
If you believe you have found a security vulnerability, please contact us immediately at security@quiq.com. Please include detailed steps to reproduce, sample outputs and any additional information that allows us to investigate and remedy any reported issues.
Please use the following service https://yopass.quiq.com when reporting vulnerabilities that may contain sensitive information.
Thank you.