Consent before checks
QScout Surface starts only after requester authorization and business-email verification. The approved public-surface snapshot is capped to explicitly approved hosts.
Evidence signature
Every page keeps scope, evidence, and next action visible.
No customer data.
Scope is stated. Evidence is reviewable. Action is governed. No customer data.
Security & assessment safety
See exactly how QScout separates consented public-surface intake from governed, operator-led assessment depth — with signed evidence at every step.
In plain terms: QScout is consented, non-penetrative assessment intake. It reviews your public web, TLS, DNS and certificate surfacefor quantum-exposed cryptography — and only crosses into deeper, credentialed assessment after you approve the scope.
Public intake is authorized, non-penetrative, and bounded to approved scope.
The signal crosses the consent boundary only after authorization. Public score-signing rollout remains staged; governed artifacts stay in controlled evidence lanes.
These are the quantum-computing platforms our threat model and validation work calibrate against — not customer references.
QScout Surface starts only after requester authorization and business-email verification. The approved public-surface snapshot is capped to explicitly approved hosts.
QScout Surface reviews public HTTP, TLS, DNS, certificate, email-crypto, and observable exposure evidence. It does not exploit, authenticate, enumerate private assets, or behave like QScout Silver or QScout Gold.
Raw findings, cryptographic bill-of-materials (CBOM) output, signed bundles, and privileged evidence stay in operator-led scoped assessment lanes after buyer approval.
Contact/ticket intake starts governed procurement after scope alignment; legacy Marketplace routes are not a self-serve catalog or public rate card.
Signed-proof & compliance evidence
ML-DSA-65 signing is present and self-test verified; public signed-artifact delivery stays staged until it is enforced on the public path. The platform maps to 15compliance frameworks — aligned to, not certified.
No customer telemetry is used. Synthetic placeholders only.
Assessment boundary
QScout Surface stays browser-safe and capped. QScout Silver and QScout Gold add credentialed and privileged evidence only when approved; QScout Pulse keeps the baseline current afterward.
74-module governed catalog available after approved scope; Surface covers approved public-surface evidence first.
Surface plus approved credentials through application, source, build, dependency, authenticated workflow, and integration evidence.
Silver plus approved privileged infrastructure, runtime, telemetry, CBOM, cryptographic inventory, and governed evidence packaging.
Continuous cryptographic risk intelligence after a governed QScout baseline: scheduled reassessment, event-triggered updates, drift reporting, and exposure-regression monitoring.