Anumana is committed to ensuring the safety and security of our products. We accomplish this by incorporating Cybersecurity across the total-product-lifecycle of our products and solutions, including the timely management of security vulnerabilities.
Our Coordinated Vulnerability Disclosure policy is intended to give security researchers and customers clear guidelines for reporting product security vulnerabilities to Anumana.
This policy describes what systems and types of research are covered under this policy, how to send us vulnerability reports, and how long we ask security researchers to wait before publicly disclosing vulnerabilities. Anumana openly accepts vulnerability reports for currently supported products and solutions.
This statement applies to all supported Anumana medical products and solutions. Our goal in partnership with you as the submitter of a vulnerability is to reduce risk to patient safety by managing the impact and correcting the issues for our solutions impacted by new vulnerabilities.
The scope of our vulnerability reporting process does not include technical support information on our products or for reporting Product Quality Complaints. If you need to report one of these, please contact: email@example.com
If you have identified a potential security vulnerability affecting Anumana products please contact us by sending an email to firstname.lastname@example.org.
You may use our PGP Public Key to encrypt your email submission. The Public Key can be found on PGP public key servers (keyserver.pgp.com) by the key id: 869D8EE249C8F635D4DF979E6F25B266D42E71DC
Do not include sensitive personal information in any screenshots or other documents or content you provide to us. Emails and reports should be written in English where possible.
When contacting us, please provide us with technical information including:
We are willing to work in good faith with security researchers who test and submit vulnerabilities according to these guidelines:
Within 5 business days, we will acknowledge receipt of the initial email
All aspects of this process are subject to change without notice, as well as case-by-case exceptions.
Any information shared with Anumana may be used by Anumana without restriction. Submitting any information through this disclosure process does not create any rights or guarantees for the submitter nor does it create any obligations for Anumana.
Featuring key corporate highlights and an overview of Anumana's technology