submit bug report: https://www.philips.com/a-w/security/coordinated-vulnerability-disclosure.htmlPhilips is committed to ensuring the safety and security of patients, operators and customers who use our products and services. Philips maintains a global network of product security officers for developing and deploying advanced best practice security and privacy features for our products and services, as well as for managing security events.
Philips operates under a global product security policy, which guides our incident management and all risk assessment activities relating to potential security and potential privacy vulnerabilities identified in our products and services. Philips supports coordinated vulnerability disclosure, and encourages vulnerability testing by security researchers and by customers, with responsible reporting to Philips. To this end, Philips maintains a product security page with information on coordinated vulnerability disclosure at
www.philips.com/security.
When submitting reports of vulnerability findings, please ensure the following procedures are followed, for safe and efficient support.
Our PGP public key (2.0KB)
Reporting Procedure
1. Please use our PGP public key to encrypt any email submissions to us at
[email protected].
2. Please provide us with your reference/advisory number and sufficient contact information, such as your organization and contact name so that we can get in touch with you.
3. Please provide a technical description of the concern or vulnerability.
a) Please provide information on which specific product you tested, including product name and version number; the technical infrastructure tested, including operating system and version; and any relevant additional information, such as network configuration details.
b) For web based services, please provide the date and time of testing, URLs, the browser type and version, as well as the input provided to the application.
4. To help us to verify the issue, please provide any additional information, including details on the tools used to conduct the testing and any relevant test configurations. If you wrote specific proof- of-concept or exploit code, please provide a copy. Please ensure all submitted code is clearly marked as such and is encrypted with our PGP key.
5. If you have identified specific threats related to the vulnerability, assessed the risk, or have seen the vulnerability being exploited, please provide that information also PGP-encrypted.
6. If you communicate vulnerability information to vulnerability coordinators such as ICS-CERT, CERT/CC, NCSC or other parties, please advise us and provide their tracking number, if one has been made available.
7. When possible provide the report in English to expedite the process.
