Blue Goat Cyber logoBlue Goat CyberSMMedical Device Cybersecurity
    K
    Editorial standards

    How we source, review, and correct the newsroom.

    Plain-English version of our editorial process so you know what you're reading, who reviewed it, and how to flag an error.

    Who we are

    Blue Goat Cyber is a medical device cybersecurity firm. Our newsroom is run by the BGC Research team and edited by Christian Espinosa, founder, with input from the penetration testing, threat modeling, and compliance practice leads.

    Where our news comes from

    • Primary sources only. the FDA Safety Communications, CISA KEV and ICS-MA advisories, AAMI standards releases, NIST publications, EU MDCG guidance, and named vendor security advisories. We link the primary source on every item.
    • Curation, not aggregation. The Regulatory Tracker and the Goat Feed are hand-picked by the BGC Research team for relevance to medical device manufacturers. We skip generic IT security news.
    • Google News strip on /news shows uncurated, auto-discovered third-party mentions and is labeled "Auto" so it is clearly separated from curated coverage.

    How AI is used

    We use AI to help draft The Goat's Weekly summaries and to accelerate research. Every AI-drafted issue is reviewed by a member of the BGC Research team before publish, and the model is constrained to facts that appear in the source items it was given. We do not let AI invent dates, CVE numbers, FDA guidance versions, vendor names, or quotes. When the source set is too thin for confident reporting, the issue runs as a recent-highlights recap or is held.

    Press releases, services pages, and the Regulatory Tracker entries themselves are written and reviewed by humans. Pages that include meaningful AI assistance say so.

    Corrections policy

    If you find an error of fact, email info@bluegoatcyber.com with the URL and the issue. We aim to respond within one business day. Material corrections (dates, CVE numbers, attributions) are noted inline at the bottom of the affected page with the date of the correction. Minor typo fixes are made silently.

    Editorial independence

    We do not accept paid placements, sponsored mentions, or vendor-supplied copy in the newsroom. Vendor advisories we cover are linked because they are publicly disclosed security information, not because of any commercial relationship.

    Conflicts of interest

    Blue Goat Cyber performs cybersecurity services for medical device manufacturers. When we cover a vulnerability or advisory affecting a current or past client, we disclose the relationship inline. Our coverage decisions are not influenced by client status.

    Contact

    Press inquiries, tips, and corrections: info@bluegoatcyber.com.

    Ready when you are

    Get FDA cleared without the cybersecurity headaches.

    30-minute strategy session. No cost, no commitment - just answers from people who've shipped 250+ FDA submissions.