Qt customers with a commercial license now have the opportunity to subscribe to the Qt Early Warning List in the Customer Portal. The EWL subscription requires an active commercial license.
What Is the Early Warning List?
The Early Warning List, as a part of Qt’s vulnerability management practices, allows signing up for early notifications on security issues found in Qt products.
In case of a found security issue, Qt sends the first Early Warning List emails as soon as the new issue is verified, along with assigning it a CVE number. Once a patch is available, a second EWL email is sent, and a third email when the patch is integrated into a release along with public communications such as a blog post, security advisory, and a public CVE database update.
Details of the Security Issue handling are defined in the Support Terms in section 9.1.
Check out also this example CVE case with EWL emails.
How to Sign Up to the Early Warning List
License Managers can add people in the EWL as follows:
- Log in to the Customer Portal at account.qt.io.
- Under your name on top right, go to My Profile.
- Open the Early Security Warnings tab, see who’s on the list from your company, and add the people you want.
In addition to those who are typically in contact with Qt, it is possible to also add other stakeholders for your company, such as security team members.
EWL as a Part of Qt’s Broader Cybersecurity Strategy
Enabling an easy self-service sign-up to the Early Warning List is a part of Qt’s cybersecurity strategy and commitment to robust vulnerability management processes and practices. Along with the earlier CNA authorization, ISO 27001:2022 certification, software bill of materials, and the extension of the long-term support period of our LTS releases, the EWL also aligns with Qt Group’s commitment to comply with cybersecurity laws and regulations, including the recent EU Cyber Resilience Act (CRA).
