PSTI Compliance

Safeguarding our customers from security threats is always a top priority for QUAD. As a major player in the global Networking and Smart Home markets, we are fully committed to offering our users secure and reliable products and services while strictly safeguarding the privacy and security of their data.

We encourage and welcome all reports related to product security or user privacy. We will adhere to established procedures to address these reports and provide timely feedback.

We strongly encourage organisations and individuals to contact our security team to report any potential security issues. To report a security or privacy vulnerability, please send an email to security@quad-hifi.co.uk or use the contact form below. Please include details such as the product model, software version, and serial number, and describe the security issue in detail. We will make every effort to respond to the report within 10 working days. Gathering detailed information about the reported vulnerability will allow us to more accurately and quickly begin the verification process.

1. All parties involved in disclosing vulnerabilities must comply with the laws of their country or region.
2. Vulnerability reports should be based on the latest released firmware and preferably written in English.
3. Report vulnerabilities through the dedicated communication channel. Although we may receive reports from other channels, we do not always guarantee that the report will be acknowledged.
4. Always adhere to data protection principles and do not violate the privacy and data security of QUAD product users, employees, agents, services, or systems during the vulnerability discovery process.
5. Maintain communication and cooperation during the disclosure process and avoid disclosing information about the vulnerability before the agreed-upon disclosure date.
6. QUAD does not currently operate a vulnerability bounty program.

We encourage customers, vendors, independent researchers, security organisations, etc., to proactively report any potential vulnerabilities to the security team. Simultaneously, we will proactively obtain information about vulnerabilities in our products from the community, vulnerability repositories, and various security websites in order to be aware of vulnerabilities as soon as they are discovered.

We will respond to vulnerability reports as soon as possible, usually within 10 business days. Our security team will work with the product team to perform a preliminary analysis and validation of the report to determine the validity, severity, and impact of the vulnerability. We may contact you if we need more information about the reported vulnerability.

Once the vulnerability has been identified, we will develop and implement a remediation plan to provide a solution for all affected customers. Remediation typically takes up to 90 days and in some cases may take longer.

You can keep up to date with our progress and the completion of any remediation activities by visiting our firmware and software downloads section. Release notes will detail updates that relate to security improvements and resolutions.

QUAD will issue an update or security advisory when one or more of the following conditions are met:

The QUAD security team has rated the severity of the vulnerability as CRITICAL. We have completed the vulnerability response process and have identified sufficient mitigation solutions to assist customers in eliminating all security risks.

If the vulnerability has been actively exploited and is likely to increase the security risk to our customers, or if it is likely to raise public concern about the security of QUAD products, we will expedite the release of a security bulletin. This bulletin may or may not include a full firmware patch or emergency fix.