Vulnerability Handling Process
InterSystems believes that providing secure enterprise products to customers is crucial to building Trust. We focus on delivering products that not only perform well and operate efficiently, but also on delivering secure products by using development and quality processes to avoid and address any potential security vulnerabilities. Still, as with any technology product, not all vulnerabilities can be avoided, and we promptly investigate any reports of potential security or privacy issues in our products.
We encourage responsible reporting of potential security vulnerabilities using one of these methods:
- If you are an InterSystems customer, you can report a potential security vulnerability by contacting the WRC, for Data Platforms and HealthShare, or iService, for TrakCare. We will work with you to investigate the issues you report, and we will provide guidance to you and, as necessary, other InterSystems customers, following our standard security and privacy vulnerability handling process.
- If you are an end user of an organization using a solution created with InterSystems products, you can share your concerns directly with that organization. Organizations using InterSystems products maintain and configure their solutions based on their organization’s unique uses and needs, and may be better suited to address your concerns or findings. Also, if needed, as a customer of InterSystems, that organization can report any concerns to InterSystems directly and we will work with them to resolve the issue.
- Security researchers, security and penetration testing companies, or customers of InterSystems customers using an application built from InterSystems products, or anyone else can report a potential vulnerability in our products to us directly by sending an email to firstname.lastname@example.org (please be sure to put the specific InterSystems Product and Version into your subject line and in the email message), or by using our online contact form, selecting security/privacy vulnerability as the issue. Please do not send any sensitive information through these methods, as we can work with you to provide a secure method for you to share the details of your findings with us.
- If you wish to report a vulnerability concerning one of our websites on the intersystems.com domain name, please email email@example.com with the subject line, Website Vulnerability.
Please note that at this time, InterSystems does not offer compensation for reporting potential vulnerabilities or other issues in our products.