We at Clinical Support Systems take user security very seriously, which is why it is very important for us to make it as easy and clear as possible for people to alert us to potential security concerns. The proper procedure should you find such a bug is as follows:
- Write an email detailing the precise nature of the vulnerability or POC.
- Encrypt your message with our PGP public key.
- Send it to firstname.lastname@example.org.
We will respond to you as soon as possible, likely within 24 hours. If we have any further questions, expect a response back. Do not report security issues on any public forum.
We encourage everyone interested in submitting a disclosure to read the IETF’s “Responsible Vulnerability Disclosure Process” and follow the guidelines and principles within.
Depending on the severity and scale of the vulnerability, you may (at your discretion) be recognized for your work. We are not offering monetary compensation at this time. All reports are subject to a 30 day embargo for user safety.
Thanks for reading! #disclose