
F2 Healthcare

Responsible Disclosure Policy

Last updated: January 18, 2021

The F2 Healthcare security team acknowledges the valuable role that independent security researchers play in internet security. As a result, we encourage responsible reporting of any vulnerabilities that may be found in our site or applications. F2 Healthcare is committed to working with security researchers to verify and address any potential vulnerabilities that are reported to us.

Please review these terms before you test and/or report a vulnerability. F2 Healthcare pledges not to initiate legal action against researchers for penetrating or attempting to penetrate our systems as long as they adhere to this policy.

Testing for security vulnerabilities

At F2 Healthcare we investigate all received vulnerability reports and implement the best course of action in order to protect our customers. If you are a security researcher and have discovered a security vulnerability in our products, we appreciate your help in disclosing it to us in a responsible manner.

If you identify a verified vulnerability in compliance with F2’s Responsible Disclosure Policy, F2 Healthcare commits to:

  • Provide prompt acknowledgement of receipt of your vulnerability report (within 72 business hours of submission)
  • Work closely with you to understand the nature of the issue and work on timelines for fix/disclosure together
  • Notify you when the vulnerability is resolved, so that it can be re-tested and confirmed as remediated
  • Publicly acknowledge your responsible disclosure (if you wish credit for such disclosure)

Reporting a potential security vulnerability

Privately share details of the suspected vulnerability with F2 Healthcare by sending an email to info@f2healthcare.com. Provide full details of the suspected vulnerability so the F2 security team may validate and reproduce the issue.

F2 Healthcare does not permit the following types of security research

While we encourage you to discover and report to us any vulnerabilities you find in a responsible manner, the following conduct is expressly prohibited:

  • Performing actions that may negatively affect F2 Healthcare or its users (e.g. Spam, Brute Force, Denial of Service…)
  • Accessing, or attempting to access, data or information that does not belong to you
  • Destroying or corrupting, or attempting to destroy or corrupt, data or information that does not belong to you
  • Conducting any kind of physical or electronic attack on F2 Healthcare personnel, property or data centers
  • Social engineering any F2 Healthcare employees or contractors
  • Conducting vulnerability testing of participating services using anything other than test accounts
  • Violating any laws or breaching any agreements in order to discover vulnerabilities

F2’s President and security team review this Responsible Disclosure Policy from a legal and operational perspective on a yearly basis.
