Coordinated Vulnerabilities Disclosure Policy
To report potential vulnerabilities in SCIEX products please contact SCIEX Support at SCIEX Support, and then submit the following information:
- Your contact information (including name, address, phone number, and e-mail)
- Affected SCIEX products
- Product name
- Version number
- Configuration details
- Steps to reproduce
- Privileges required
- Results or impact
Upon receipt of a potential product vulnerability submission, SCIEX will:
- Evaluate and validate the reported findings
- Contact the submitter to request additional information, if needed
- Take appropriate action
When conducting your security research, please avoid actions that could cause harm to patients or products. Note that vulnerability testing could negatively impact a product. Therefore, testing should not be conducted on active products in a clinical setting, and products subjected to security testing should not subsequently be used in a clinical setting. In case of doubt, please contact a SCIEX representative.
SCIEX reserves the right to modify its coordinated vulnerability disclosure process at any time, without notice, and to make exceptions to it on a case-by-case basis. No particular level of response is guaranteed. However, if a vulnerability is verified, we will attribute recognition to the researcher reporting it, if requested.
CAUTION: Potential Exposure of Proprietary Information. Do not include sensitive information such as sample information, PHI, and PII in any documents submitted to SCIEX. Comply with all laws and regulations in the course of your testing activities.
Note: When sharing any information with SCIEX, you agree that the information you submit will be considered non-proprietary and non-confidential and that SCIEX is allowed to use such information in any manner, in whole or in part, without any restriction.