This policy clearly states how Medtrum addresses reported security vulnerabilities.

REPORTING SECURITY ISSUES

If you believe you have discovered a vulnerability in Medtrum or have a security concern you would like to report, please email security@medtrum.com with details of your findings.

REQUIRED INFORMATION

To expedite investigation, please include:

• A description of the issue
• Steps to reproduce the issue
• Potential impact of the issue
• Product model and number
• Any relevant supporting information(eg. Screenshots, testing tools, proof-of-concept code)

Once a vulnerability report have been received by Medtrum, Medtrum will acknowledge receipt of the report within 5 days and take a series of steps to address the issue:

1. Assesses and verifies the vulnerability
2. Develop a remediation plan
3. Disclose vulnerability advisory

NOTE

Medtrum will formally and publicly release its security advisories on our website. Only advisories listed on the website should be considered official Medtrum advisories.