- If you believe you've discovered a serious vulnerability, please contact the Pop Quiz team at [email protected]. We will evaluate your report and if necessary issue a fix and an advisory. If the issue was previously undisclosed, we'll also mention your name in the credits.
-
In some cases, we may apply a responsible disclosure process to reported or otherwise discovered vulnerabilities. We will usually do that for a critical vulnerability, and only if we have a good reason to believe information about it is not yet public.
-
This process involves providing an early notification about the vulnerability, its impact and mitigations to a short list of vendors under a time-limited embargo on public disclosure.
-
Vendors on the list are individuals or organizations that maintain Pop Quiz distributions or provide Pop Quiz as a service, who have third party users who will benefit from the vendor's ability to prepare for a new version or deploy a fix early.
-
If you believe you should be on the list, please contact us and we will consider your request based on the above criteria.