Product Cyber Security

Report Details to provide:

• Your contact information, including name(s), organization name, email address and phone number so we can follow up with you. We ask for contact information only to consult mylife Diabetes Care records when addressing your submission. We never share your contact information.

• Product name and affected versions

• Class or type of vulnerability, optionally using a taxonomy like CWE

• Possible root cause, PoC code or other substantial evidence,

• Tools and steps to reproduce the vulnerable behavior,

• Impact and severity estimate,

• Scope assessment, other products, components, or vendors thought to be affected

• Any additional information you think will be helpful to us

• Whether you have notified anyone else about the potential vulnerability, such as regulatory agencies, vendors, vulnerability coordinators, etc. or if you plan to do so

Analyze:

• We will investigate the potential vulnerability.

• We will conduct a risk analysis to determine appropriate action.

• If confirmed our various functional team including Research and Development (which includes Product Security), as well Quality and Privacy to respond to the issue.

Communicate & Disclose

• We will confirm receipt of the report within 5 business days

• Once investigated, we will provide you with a summary of our findings.

• Confirmed mylife Diabetes Care product vulnerabilities will be published as Bulletins in a coordinated fashion.

Important Information

• We ask that you comply with all laws and regulations when conducting your research, and avoid actions that could harm products or people, such as brute force testing, tests on active devices, tests on software in production settings, actions taken to exploit any vulnerability, and actions that result in a change to a product or system after the test is conducted.

• We reserve the right to change any aspect of our coordinated disclosure process at any time without notice, and to make exceptions to it on a case by case basis.