• Developers
    • Developers Price. Buy. Download. Try.

    Policies, Notices and Other Agreements

    Responsible Vulnerability Disclosure Agreement

    At The Qt Company, we take the security of our systems and data very seriously. We recognize the important role that external researchers and customers can play in helping us identify and address potential vulnerabilities. We encourage responsible disclosure of any security issues that are discovered.

    If you believe you have discovered a security issue in our systems or data, we encourage you to report it as soon as possible. To report, please follow the steps outlined below:

    For Qt Group open-source offerings:

    • Submit a report by emailing security@qt-project.org, including a detailed description of the potential vulnerability and, if applicable, a demonstration of the issue, flaw, or other supporting materials.
    • Qt Project representatives will review your report, determine the relevance and (if applicable) the severity of an issue, and—insofar as is reasonably possible—identify potential impacts on our systems, products or data.
    • We will work to validate the vulnerability (this may involve working with you) and potential exploits.
    • If and when an issue has been validated as a vulnerability, we will take appropriate measures designed to address the vulnerability and prevent exploitation.
    • We will, as necessary, release any needed public disclosures.

    For Qt Group commercial offerings:

    • Submit a report by emailing security@qt.io, including a detailed description of the potential vulnerability and, if applicable, a demonstration of the issue, flaw, or other supporting materials.
    • Our security team will review your report, determine the relevance and (if applicable) the severity of an issue, and—insofar as is reasonably possible—identify potential impacts on our systems, products or data.
    • We will work to validate the vulnerability (this may involve working with you) and potential exploits.
    • If and when an issue has been validated as a vulnerability, we will take appropriate measures designed to address the vulnerability and prevent it from being exploited.
    • We will, as necessary, release any needed public disclosures.

    We appreciate the efforts of external researchers and customers in helping us maintain the security of our systems and data. We are committed to working to address issues identified responsibly and on time.