Evidence signature
Every page keeps scope, evidence, and next action visible.
No customer data.
Scope is stated. Evidence is reviewable. Action is governed. No customer data.
Qtonic Quantum does not currently operate a standing public cash bug bounty on the marketing site. Security researchers should use the public vulnerability disclosure route for good-faith reports.
Public disclosure is welcomed within stated boundaries, but reward terms are not implied by this page.
Reports should stay within the published safe-harbor boundaries and use the disclosure route for coordination. We aim to acknowledge valid security reports within five business days even when no public reward program is active. This target is aspirational and not a contractual commitment.
Send coordinated vulnerability reports to security@qtonicquantum.com.
If a formal reward program is launched, this route will publish the official terms, scope, exclusions, and reward handling rules.