Security: qBraid/community

SECURITY.md

Security Policy

Reporting a Vulnerability

The qBraid team takes the security of our software products and services seriously. This includes all aspects of our cloud platform, as well as all source code repositories managed through our GitHub organization. We encourage the responsible disclosure of any security vulnerabilities.

How to Report a Vulnerability

To report a security vulnerability, please use the GitHub security advisories feature for the qBraid community page:

Report a security vulnerability

Please do not report security vulnerabilities through public GitHub issues.

If your report is specifically related to the qBraid-SDK, please use the following dedicated security vulnerability reporting link.

What to Expect

After submitting a vulnerability, you can expect the following:

  • Acknowledgment of your report within 24 hours.
  • Communication from our security team about the next steps and any additional information we might require to verify or investigate the issue.
  • Updates on the progress of addressing the reported issue.
  • Notification when the issue is resolved, along with details of the fix and the release in which the fix will appear.

Information to Include

Please provide as much of the following information as possible to help us better understand the nature and scope of the vulnerability:

  • Type of issue (e.g., buffer overflow, SQL injection, cross-site scripting).
  • Full paths of source file(s) related to the issue, if applicable.
  • The location of the affected source code (tag/branch/commit or direct URL).
  • Any special configuration required to reproduce the issue.
  • Step-by-step instructions to reproduce the issue.
  • Proof-of-concept or exploit code, if possible.
  • Impact of the issue, including how an attacker might exploit it.

This information will help us triage your report more quickly and accurately.
