HemoCue will not engage in legal action against individuals who in good faith submit vulnerability reports in accordance with our coordinated vulnerability disclosure process. We openly accept reports for the currently supported products and services from individuals who
- Engage in testing our products and/or research without harming HemoCue or its customers
- Engage in vulnerability testing within the scope of our vulnerability disclosure program and avoid testing against products and/or services being actively used for patient care delivery, diagnostics or monitoring
HemoCue considers it a key priority to provide safe products and services including protecting personal information. Therefore, when conducting your security research, please avoid actions that could cause harm to patients or products. Note that vulnerability testing could negatively impact a product. As such, testing should not be conducted on active products in a clinical setting, and products subjected to security testing should not subsequently be used in a clinical setting. If there is any doubt, please contact a HemoCue representative.
HemoCue reserves the right to modify its coordinated vulnerability disclosure process at any time, without notice, and to make exceptions to it on a case-by-case basis. No particular level of response is guaranteed. However, if a vulnerability is verified, we will attribute recognition to the researcher reporting it, if requested.
CAUTION: Do not include sensitive information (e.g., sample information, PHI, PII, etc.) in any documents submitted to HemoCue. Comply with all laws and regulations in the course of your testing activities.
Note: When sharing any information with HemoCue, you agree that the information you submit will be considered non-proprietary and non-confidential and that HemoCue is allowed to use such information in any manner, in whole or in part, without any restriction.