Missing Referrer header. The Referrer header is required to ensure this is an approved domain for submitting vulnerabilities.
Tunstall's Vulnerability Disclosure Policy
Vulnerability Disclosure Philosophy
Tunstall Healthcare Group (‘Tunstall’ or ‘the Company’) believes e ective disclosure of security vulnerabilities requires mutual trust, respect, transparency and common good between Tunstall and Security Researchers. Together, our collective expertise promotes the continued security and privacy of Tunstall customers’ data, products, and services.
Security Researchers
Tunstall accepts vulnerability reports from all sources such as independent Security Researchers, industry partners, vendors, customers and consultants. Tunstall defines a security vulnerability as an unintended weakness or exposure that could be used to compromise the integrity, availability, or confidentiality of our products and services.
Scope
This policy applies to any digital assets owned, operated, or maintained by Tunstallor any of its subsidiaries, including public-facing websites, SaaS platforms and IoT devices.
Our Commitment to Researchers
- Trust. We maintain trust and confidentiality in our professional exchanges with security researchers.
- Respect. We treat all researchers with respect and recognize your contribution for keeping our customers safe and secure.
- Transparency. We will work with you to validate and remediate reported vulnerabilities in accordance with our commitment to security and privacy.
- Common Good. We investigate and remediate issues in a manner consistent with protecting the safety and security of those potentially affected by a reported vulnerability.
What We Ask of Researchers
- Trust. We request that you communicate about potential vulnerabilities in a responsible manner and secure manner, providing sufficient time and information for our team to validate and address potential issues.
- Responsibility. Please ensure that no system is left in a more vulnerable state than when it was found. Do not degrade the user experience, disrupt production systems, or destroy or manipulate any data.
- Respect. Please refrain from any action that might be considered a privacy violation, cause the destruction of data, or interrupt or degrade our service.
- Legal Compliance. Please notify us as soon as possible after you discover a real or potential security issue, and do not access, view, or download any personal information. We request you to not violate any applicable laws, which may include but are not limited to applicable privacy law.
- Transparency. We request that researchers provide su icient technical details and supporting information to enable our team to identify, reproduce, and validate reported issues using the reporting form below.
- Common Good. We request that researchers act for the common good, protecting user privacy and security by refraining from publicly disclosing unverified vulnerabilities until our team has had time to validate and address reported issues.
Vulnerability Reporting
Tunstall recommends that security researchers share the details of any suspected vulnerabilities across any asset owned, controlled, or operated by Tunstall (or that would reasonably impact the security of Tunstall and our users) using the web form below. The Tunstall Security team will acknowledge receipt of each vulnerability.
The Company commits not to initiate or support any legal action against Security Researchers who discover and report vulnerabilities in good faith, provided their activities comply with this Coordinated Vulnerability Disclosure Policy.