QBE’s Responsible Disclosure Program
As an international insurer and reinsurer, the QBE Group continually works to protect our information and systems. We value the security community, and the investigative efforts of security researchers with ethical principles.
If you believe you’ve discovered a potential security vulnerability within the QBE Group, or one of our services or products, we would like you to let us know as quickly as possible by emailing our Global Security Operations Centre at firstname.lastname@example.org.
We are committed to reviewing all reports disclosed to us. We request that you provide us with a reasonable timeframe to complete our review and, if necessary, remediate or mitigate the potential security vulnerability.
Please do not publicly disclose the details of any potential security vulnerabilities without express written consent from us.
QBE does not condone any malicious or illegal behaviour in the identification and reporting of security vulnerabilities and you should not engage in any activity that violates applicable laws.
Please be aware that QBE does not compensate for disclosure.
Please review further details about our Responsible Disclosure Program here.