Product Security
Product Vulnerability, Exploit, or Compromise Reporting Procedure
Olympus PSIRT (Product Security Incident Response Team) welcomes security researchers, customers, and any other sources to report vulnerabilities. If you believe you may have discovered a security vulnerability in an Olympus product, please review the following:
Important Notices Prior to Reporting:
- Olympus PSIRT only accepts information regarding undisclosed vulnerabilities in our Products.
- Vulnerabilities in third-party software/open-source software should be reported directly to that third party.
- Olympus PSIRT does not administer a bug bounty program. The security reporter and/or other entity hereby acknowledges there is no payment or compensation.
- Olympus PSIRT does not accept the following as a product vulnerability submission:
  1. Claims that our products do not adhere to best security practices.
  2. Social Engineering attacks.
  3. Denial of Service weaknesses.
  4. TLS configuration issues: Examples include support for weak cipher suites, TLS 1.0, Sweet32, BEAST, etc.
  5. Email address verification problems: Issues with verifying email addresses used for user account creation.
  6. Self XSS: Cross-Site Scripting (XSS) that only affects the attacker’s own browser.
  7. CSRF and CRLF attacks: Only if the impact is minimal.
  8. HTTP Host Header XSS: Without a working proof-of-concept.
  9. Incomplete or missing SPF/DMARC/DKIM configurations.
  10. Security flaws in third-party websites that integrate with our products.
  11. Network data enumeration techniques: Such as banner grabbing or publicly available server diagnostic pages.
- We ask that the vulnerability reporter work with Olympus PSIRT throughout the disclosure process and co-determine a disclosure date to ensure patient safety and data privacy.
- Olympus PSIRT asks that you fill in all required fields of the vulnerability submission form and provide as much information as possible.
- We prefer the submission to be in English.
After Submission:
- A member of the Olympus PSIRT will review and respond to your submission promptly with next steps.
- Olympus PSIRT will work with the applicable Product teams to confirm the reported vulnerability information.
- If the submission is determined to be a new vulnerability in our product, Olympus PSIRT will determine and implement a mitigation/remediation for the vulnerability.
- Olympus PSIRT will, if and when deemed necessary, post a security advisory to the corresponding product security website.
Notice: Please note that submitting information on potential vulnerabilities does not create any rights on behalf of the submitting party or obligations on behalf of Olympus PSIRT. Olympus PSIRT can use the information at its discretion.