SECURITY.md

Responsible disclosure of security issues

Report a vulnerability

We're extremely grateful to users who identify and report vulnerabilities to the EHRbase community. All reports are thoroughly investigated, confirmed and patched as soon as possible.

Given that EHRbase is used to handle sensitive medical data, we ask you to submit the vulnerability to ehrbase-security@vitagroup.ag, so that it can be triaged and handled with standardized processes and response times.

Reporting vulnerabilities according to regular responsible disclosure policies allows us to confirm the issue and provide a patch based on your report before a full disclosure, preventing in-the-wild exploitation of the vulnerability.

When should I report a vulnerability?

  • You think you discovered a potential security vulnerability in EHRbase
  • You are unsure how a vulnerability affects EHRbase

When should I not report a vulnerability?

  • You need support in securely deploying/operating EHRbase
  • You need support for additional environment-dependent security measures
  • You need support in security-related updates
  • Your issue is not related to security

Security vulnerability response

Each report is acknowledged, analyzed and responded to by the team as soon as possible.

We will notify you as soon as the issue is triaged and we have identified a fix and a release date. We will create a full disclosure after a patch is released.