QIST Foundation — Security & Responsible Disclosure

1. Scope

This page describes how QIST Foundation ("QIST") prefers to receive information about potential security issues related to its public websites and research materials.

QIST operates informational sites and may from time to time publish code samples, reference implementations, or open-source projects. No production financial or transactional systems are operated by QIST.

2. Reporting Potential Vulnerabilities

If you believe you have identified a security issue affecting a QIST website or publicly released code sample, you can report it to:

contact@qist.foundation

Please include enough detail to reproduce the issue, along with any relevant context or potential impact. QIST may follow up with clarifying questions as needed.

3. Prohibited Activities

QIST does not authorize any of the following activities on its systems or infrastructure:

• Denial-of-service attacks or traffic flooding
• Attempts to access private data or accounts
• Automated scanning that degrades service availability
• Exploitation of issues beyond what is required to demonstrate impact

You must comply with applicable laws when investigating potential issues and avoid harming QIST, its collaborators, or other users.

4. No Guarantee of Rewards or Attribution

QIST does not currently operate a public bug bounty or reward program. Submission of a vulnerability report does not create any entitlement to financial compensation, employment, or formal collaboration.

Where appropriate and mutually agreed, QIST may acknowledge contributors in research artifacts or changelogs, but such recognition is not guaranteed.

5. Future Updates

As QIST's research and technical activities evolve, this Security & Responsible Disclosure guidance may be updated. Any substantial changes will be reflected on this page.