Blue Goat Cyber℠ Medical Device Cybersecurity

    Coordinated Vulnerability Disclosure.

    If you believe you've found a security vulnerability in a Blue Goat Cyber service - or in a medical device we support - we want to hear from you.

    Submit a vulnerability report

    Use this secure form to send the basics of your finding. For sensitive technical details, email cvd@bluegoatcyber.com - we'll reply with a PGP key on request.

    Our commitments to you

    • We will acknowledge your report within 3 business days.
    • We will work with you to understand and validate the issue.
    • We will not pursue legal action for good-faith research conducted under this policy.
    • We will credit you publicly once a fix is shipped, if you wish.

    What to include in your report

    • Affected product, service, or URL.
    • Steps to reproduce, including any required configuration.
    • Impact you believe the issue could have.
    • Whether you've discussed it with anyone else.

    Safe harbor & responsible disclosure

    Please give us a reasonable time to investigate and remediate before disclosing publicly. Avoid privacy violations, service degradation, and destructive testing. Do not access or modify data belonging to others.

    Reporting an issue in a customer's medical device?

    We will coordinate with the device manufacturer and, where applicable, the FDA and CISA under accepted CVD practices.

    Free tools

    Stand up a CVD program in an afternoon.

    Generate a §524B-aligned disclosure policy, then size your postmarket monitoring cadence.

    Postmarket cybersecurity

    Coordinated Vulnerability Disclosure is one piece of a full postmarket cybersecurity program. We help manufacturers stand the rest up.

    Postmarket cybersecurity services

    Vulnerability monitoring, CVD intake, patch validation, and FDA reporting workflows.

    FDA-compliant SBOMs

    SPDX/CycloneDX SBOMs with continuous CVE/KEV mapping - the foundation of any CVD program.

    Legacy medical device cybersecurity

    Managing security for deployed devices that pre-date current FDA guidance.

    Medical device penetration testing

    Independent testing to find issues before researchers report them through CVD.

    Threat modeling

    Documented threat models that make incoming CVD reports faster to triage.

    About Blue Goat Cyber

    SDVOSB medical device cybersecurity firm - 250+ FDA submissions, zero cyber rejections.
