Vulnerability Disclosure Policy (VDP)

At Quadcode, we prioritize the security of our systems, data, and users. We appreciate the efforts of security researchers in identifying potential vulnerabilities and helping us improve our security posture.

Our official Vulnerability Disclosure Policy is hosted on Intigriti, a trusted bug bounty platform that ensures a structured and efficient process for reporting security vulnerabilities.

We kindly request that all security reports be submitted through our Intigriti program, where they will be promptly reviewed and handled by our security team.

How to Report a Security Vulnerability

If you have discovered a security vulnerability affecting our systems, please follow these steps:

1. Visit our official Vulnerability Disclosure Program (VDP) on Intigriti. Submit a report here.

2. Carefully review the program details on Intigriti, including:

   • Scope – a list of assets that are in-scope and out-of-scope

   • Rules of engagement – guidelines on what types of testing are allowed and prohibited

   • Submission requirements – what details should be included in a valid report

   • Eligibility and rewards – criteria for valid submissions and potential recognition

3. Submit your report through Intigriti, ensuring that you provide:

   • A clear description of the issue

   • Steps to reproduce

   • Potential impact

   • Suggested remediation (if applicable)

4. Do not publicly disclose the vulnerability before we have had an opportunity to investigate and remediate the issue.

Scope

For a list of in-scope assets, testing guidelines, and reward eligibility, please refer to our Intigriti VDP page.

Our Commitment

• We will acknowledge your report within a reasonable timeframe.

• We will provide updates on the remediation process.

• We will recognize your contribution if the report is valid and impactful.

By submitting a report, you agree to follow responsible disclosure principles and comply with applicable laws.