Blue Goat CyberSMMedical Device Cybersecurity
    K
    Security

    Coordinated Vulnerability Disclosure.

    If you believe you've found a security vulnerability in a Blue Goat Cyber service - or in a medical device we support - we want to hear from you.

    Submit a vulnerability report

    Use this secure form to send the basics of your finding. For sensitive technical details, email [email protected] - we'll reply with a PGP key on request.

    Our commitments to you

    • • We will acknowledge your report within 3 business days.
    • • We will work with you to understand and validate the issue.
    • • We will not pursue legal action for good-faith research conducted under this policy.
    • • We will credit you publicly once a fix is shipped, if you wish.

    What to include in your report

    • • Affected product, service, or URL.
    • • Steps to reproduce, including any required configuration.
    • • Impact you believe the issue could have.
    • • Whether you've discussed it with anyone else.

    Safe harbor & responsible disclosure

    Please give us a reasonable time to investigate and remediate before disclosing publicly. Avoid privacy violations, service degradation, and destructive testing. Do not access or modify data belonging to others.

    Reporting an issue in a customer's medical device?

    We will coordinate with the device manufacturer and, where applicable, the FDA and CISA under accepted CVD practices.

    Email our CVD team
    Postmarket cybersecurity

    Coordinated Vulnerability Disclosure is one piece of a full postmarket cybersecurity program. We help manufacturers stand the rest up.

    Ready when you are

    Get FDA cleared without the cybersecurity headaches.

    30-minute strategy session. No cost, no commitment - just answers from people who've shipped 250+ submissions.