{"id":29553,"date":"2025-10-21T08:51:26","date_gmt":"2025-10-21T06:51:26","guid":{"rendered":"https:\/\/qlinea.com\/cybersecurity\/"},"modified":"2025-10-21T09:15:47","modified_gmt":"2025-10-21T07:15:47","slug":"cybersecurity","status":"publish","type":"page","link":"https:\/\/qlinea.com\/us\/cybersecurity\/","title":{"rendered":"Cybersecurity"},"content":{"rendered":"\r\n<section class=\"content_text contentmodule alignfull\" style=\"background-color: #fff\" data-text-color=\"''\">\r\n    <div class=\"wrapper\">\r\n        <div class=\"textWrapper\"><h1>Coordinated Vulnerability Disclosure (CVD) Policy<\/h1>\n<p><strong>At Q-linea, cybersecurity is a natural priority, and we believe that close collaboration with the security community is the key to maintaining trust and security in our systems.\u00a0<\/strong><\/p>\n<p>&nbsp;<\/p>\n<h2>Purpose<\/h2>\n<p>This Coordinated Vulnerability Disclosure (CVD) Policy outlines the procedures and responsibilities for the intake, assessment, remediation, and disclosure of cybersecurity vulnerabilities associated with the ASTar System. The goal is to promote patient safety and maintain the integrity, availability, and confidentiality of our product throughout its lifecycle.<\/p>\n<p>&nbsp;<\/p>\n<h2>Scope<\/h2>\n<p>This policy applies to all components of the ASTar System, including software, operating system, hardware, and third-party software packages integrated into the system. This policy has been developed in accordance with ISO\/IEC 29147:2018.<\/p>\n<p>&nbsp;<\/p>\n<h2>Vulnerability Reporting<\/h2>\n<p>We encourage responsible researchers, customers, and other stakeholders to report any suspected cybersecurity vulnerabilities to us.<\/p>\n<ul>\n<li>Email: <a href=\"&#x6d;&#x61;&#x69;&#x6c;&#116;&#111;&#58;&#115;ecu&#x72;&#x69;&#x74;&#x79;&#x40;&#113;&#108;&#105;nea&#x2e;&#x63;&#x6f;&#x6d;\">&#115;e&#x63;u&#x72;&#105;&#x74;&#121;&#x40;&#113;l&#x69;n&#x65;&#97;&#x2e;&#99;&#x6f;&#109;<\/a>\n<ul>\n<li>(Contact us for guidance on how to communicate via encrypted e-mail)<\/li>\n<\/ul>\n<\/li>\n<li>Alternative contact: Product support portal (<a href=\"https:\/\/qlinea.com\/us\/support-zone\/\">Support zone | Q-linea<\/a>).<\/li>\n<\/ul>\n<p>We request that the report includes, if available:<\/p>\n<ul>\n<li>A detailed description of the vulnerability<\/li>\n<li>Steps to reproduce<\/li>\n<li>Impact assessment (if known)<\/li>\n<li>Affected product versions<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h2>Acknowledgment and Communication<\/h2>\n<p>We will acknowledge receipt of the report within 7 calendar days.<br \/>\nThe reporter will receive status updates at key milestones, including:<\/p>\n<ul>\n<li>Initial validation<\/li>\n<li>Planned public disclosure<\/li>\n<\/ul>\n<p>We strive to resolve valid vulnerabilities within 60-90 calendar days, though timelines may vary depending on severity and complexity.<\/p>\n<p>&nbsp;<\/p>\n<h2>Remediation Process<\/h2>\n<p>All reported vulnerabilities will be:<br \/>\n1. Triage-assessed for validity and severity.<br \/>\n2. Classified based on their impact using the Common Vulnerability Scoring System (CVSS).<br \/>\n3. Addressed through a patch, configuration change, or mitigation as part of our secure product lifecycle processes.<br \/>\n4. Tested and validated prior to release.<\/p>\n<p>&nbsp;<\/p>\n<h2>Disclosure Policy<\/h2>\n<p>We follow a coordinated public disclosure model:<\/p>\n<ul>\n<li>Vulnerabilities will be disclosed after mitigation is available, or after a reasonable time period (typically 90 days).<\/li>\n<li>Disclosure may occur via:\n<ul>\n<li>VINCE [1] or MITRE [2]<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>Credit may be given to the reporter if requested and agreed upon.<\/p>\n<p>&nbsp;<\/p>\n<h2>Non-Retaliation Statement<\/h2>\n<p>We will not pursue legal action against individuals who submit vulnerability reports in good faith and in accordance with this policy.<\/p>\n<p>&nbsp;<\/p>\n<h6>References<\/h6>\n<p>1. <a href=\"https:\/\/kb.cert.org\/vince\/\">https:\/\/kb.cert.org\/vince\/<\/a><\/p>\n<p>2. <a href=\"https:\/\/cveform.mitre.org\/\">https:\/\/cveform.mitre.org\/<\/a><\/p>\n<p>&nbsp;<\/p>\n<\/div>\r\n    <\/div>\r\n<\/section>\r\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":68,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"class_list":["post-29553","page","type-page","status-publish","hentry"],"acf":[],"_links":{"self":[{"href":"https:\/\/qlinea.com\/us\/wp-json\/wp\/v2\/pages\/29553","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/qlinea.com\/us\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/qlinea.com\/us\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/qlinea.com\/us\/wp-json\/wp\/v2\/users\/68"}],"replies":[{"embeddable":true,"href":"https:\/\/qlinea.com\/us\/wp-json\/wp\/v2\/comments?post=29553"}],"version-history":[{"count":1,"href":"https:\/\/qlinea.com\/us\/wp-json\/wp\/v2\/pages\/29553\/revisions"}],"predecessor-version":[{"id":29554,"href":"https:\/\/qlinea.com\/us\/wp-json\/wp\/v2\/pages\/29553\/revisions\/29554"}],"wp:attachment":[{"href":"https:\/\/qlinea.com\/us\/wp-json\/wp\/v2\/media?parent=29553"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}