Bigfoot Biomedical (Bigfoot) is committed to ensuring the safety and security of our customers, caregivers, and partners. Bigfoot has formalized our policy for accepting vulnerability reports about our products and services. We hope to foster an open partnership with the security community, and we recognize that the work the community does is important in continuing to ensure safety and security for all of our customers, caregivers, and partners.
The scope of our coordinated vulnerability disclosure program includes Medical Devices, Software as a Medical Device, and Mobile Medical Applications provided by Bigfoot.
Bigfoot’s Coordinated Vulnerability Disclosure Program currently covers the Bigfoot Unity product.
This policy is not intended to provide technical support information on our products or for reporting Adverse Events or Product Quality Complaints. For technical support or to report an Adverse Event or Product Quality Complaint, please contact us via email: Support@BigfootBiomedical.com
How to Report a Vulnerability
To report a potential vulnerability, please complete the form below. Alternatively you may choose to contact Bigfoot Biomedical via email Security@BigfootBiomedical.com, but please supply the required information on the form. By submitting this form, you agree to abide by the rules outlined below.
We recognize the importance of the work performed by the security community to help safeguard the safety and security of Bigfoot customers and caregivers. We will not engage in legal action against individuals who submit reports through our Coordinated Vulnerability Disclosure process and enter into a legal agreement with us.
We agree to work with individuals who:
Preference, prioritization, and acceptance criteria
We will use the following criteria to prioritize and triage submissions.
What we would like to see from you
Note: Reports that include only crash dumps or other automated tool output may receive lower priority.
What you can expect from us
All aspects of this process are subject to change without notice, as well as for case-by-case exceptions. No particular level of response is guaranteed.
In the event, you decide to share any information with Bigfoot Biomedical, you agree that the information you submit will be considered as non-proprietary and non-confidential and that Bigfoot Biomedical is allowed to use such information in any manner, in whole or in part, without any restriction. Furthermore, you agree that submitting information does not create any rights for you or any obligation for Bigfoot Biomedical.
To request additional information or report a suspected vulnerability, please contact our security group using this form.
SOP-200658 Rev A, 04/20