Cadwell Vulnerability Disclosure Program

At Cadwell, we take the security of our systems very seriously. We value the contributions of the security community in this endeavor. The disclosure of security vulnerabilities aids in ensuring security and privacy for our users and their patients. If you believe you have identified a vulnerability within a Cadwell system, we encourage you to submit the relevant information through the channel outlined below.

Guidelines:

To maintain transparency and integrity in our vulnerability disclosure program, we ask all researchers and reporters to adhere to the following guidelines:

Utilize the designated communication channels (form below) to report vulnerability information.
Conduct research activities in compliance with all applicable U.S. and Non-U.S. federal, state, and local laws and regulations.
Under no circumstances exfiltrate, store, share, destroy, or otherwise compromise any Cadwell, customer, or third-party data.
Immediately cease all activity and notify Cadwell if personal information/personal data is encountered.
Restrict testing activities to the minimum necessary to ascertain the existence of a vulnerability or issue; refrain from exploiting any discovered vulnerability beyond this scope.
Do not use reported or validated findings to enumerate or exploit Cadwell, other companies, or individuals.
Do not take action that could potentially degrade or disrupt our systems, assets, products, and platforms, such as denial of service (DoS/DDoS) testing.
Disengage from any activity that may pose harm to Cadwell employees, our customers, or any third parties.
Do not disclose details regarding any discovered vulnerabilities to anyone other than Cadwell without Cadwell’s written permission.
All research should follow the hackerone guidelines.

If you have any concerns or are unsure about the consistency of your security research with this policy, we encourage you to submit a report through our official channel (form below) before proceeding further.

Expectations:

When engaging with Cadwell under this policy, you can anticipate the following:

Timely acknowledgment of your report.
Collaborative efforts to understand and validate your findings.
Appropriate addressing of your findings by our team at Cadwell.
Potential collaboration on broader cybercrime issues based on your findings, as deemed appropriate.
An open dialogue to discuss any identified issues.

Safe Harbor:

Any activities conducted in a manner consistent with this policy will be considered authorized conduct and we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.

Report a Security Vulnerability

If you believe you have discovered a security vulnerability in a Cadwell system, please submit a report to the Cadwell Vulnerability Disclosure Program utilizing the form below.

Cadwell will confirm receipt of your report within five business days.

Name(Required)

First Last

Email(Required)

Company/Organization(Required)

Description of the potentially impacted Cadwell system(Required)

Explanation of the vulnerability's potential impact and how it was discovered.(Required)

File Upload: Please provide any supporting documentation (PoC scripts, screenshots, etc.)

Drop files here or

Accepted file types: doc, docx, jpg, gif, png, pdf, Max. file size: 50 MB.

Are you a robot?