About

Responsible disclosure

Responsible disclosure policy for reporting security issues affecting Quanten Security public web properties.

Page map

Page sections

Scan the major sections before moving into the full technical detail.

Section How to report Send vulnerability reports to info@4eck-media.de. Include affected URLs, reproduction steps, observed impact, and any safe proof-of-concept details. Request current PGP details before sending sensitive... Section Scope Internet-facing Quanten Security services are in scope. Denial-of-service testing, physical attacks, social engineering, and third-party systems are out of scope. Researchers must avoid data... Section Safe harbor Good-faith research that follows this policy, avoids privacy impact, and does not disrupt services will not be treated as hostile activity by Quanten Security.... Section Response targets Initial acknowledgement target: two business days. Triage target: five business days. Coordinated disclosure timelines are agreed case by case. We ask researchers to give... Section Acknowledgements Researcher acknowledgements are published only with the researcher’s consent.
About · Disclosure

Report a vulnerability. Get a response.

Contact security team

How to report

Send vulnerability reports to info@4eck-media.de. Include affected URLs, reproduction steps, observed impact, and any safe proof-of-concept details. Request current PGP details before sending sensitive exploit material.

Scope

  • Internet-facing Quanten Security services are in scope.
  • Denial-of-service testing, physical attacks, social engineering, and third-party systems are out of scope.
  • Researchers must avoid data access, persistence, destructive testing, and service disruption.

Safe harbor

Good-faith research that follows this policy, avoids privacy impact, and does not disrupt services will not be treated as hostile activity by Quanten Security. This statement does not authorise testing against third-party systems or waive obligations under applicable law.

Response targets

  • Initial acknowledgement target: two business days.
  • Triage target: five business days.
  • Coordinated disclosure timelines are agreed case by case.

We ask researchers to give us a reasonable remediation window before public disclosure and to coordinate timing when customer data, active exploitation, or supply-chain exposure may be involved.

Acknowledgements

Researcher acknowledgements are published only with the researcher’s consent.