Responsible Disclosure Policy

Healow asks its clients and security researchers to allow healow the opportunity to investigate and correct a vulnerability within a reasonable timeframe. This research period enables Healow to develop, test, and distribute a corrective patch to its clients.

In the event of software vulnerabilities, Healow determines the best course of action to remediate the situation and provide the necessary patch.

Reporting a System Vulnerability to Healow  

• Submit a Vulnerability Report via: vulnerability-healow@healow.com
• In your report, please include the following information:
  • Product name
  • Product version
  • Area of the product where the vulnerability was detected
  • Conditions under which the vulnerability was identified
• Include detailed information in the Vulnerability Report e-mail to enable the healow Security Team to reproduce the vulnerability
• Allow a reasonable amount of time for healow to correct the issue before making any information public

Please note that this report should not be construed as encouragement or permission to perform any of the following activities:

• Decompile, disassemble, or reverse-engineer any software
• Modify or destroy data
• Hack, penetrate, or otherwise attempt to gain unauthorized access to customer data in violation of applicable law
• Adversely impact Healow operations or systems

Healow does not waive any rights or claims with respect to such activities or any others. This document is not intended to, and does not, replace contracted for terms and conditions previously negotiated between Healow and its Customers.

Your help is appreciated in disclosing vulnerabilities to Healow in a responsible manner.

Thank you, Healow