At Moon Surgical, patient safety is our top priority

Our cyber-security team works tirelessly to keep our medical technologies safe and secure.
We continuously monitor for any vulnerabilities and take swift action to address them, ensuring our patients and medical partners remain protected.

Last Updated November 13, 2024

Security

How to submit your vulnerability report

Email your findings to security@moonsurgical.com using our PGP public key to encrypt your email submission. Our public key information can be found below: 

 

Server : https://keys.openpgp.org

Direct link : https://keys.openpgp.org/search?q=security%40moonsurgical.com

Fingerprint : 5F9E7BB749CD7E6F51A961A95EA341CEA863FE28

 

Email Format

Subject: [Product Name] – [Model Number] [Software Version (leave blank if not available)] - [Vulnerability Name or Class]

 

Body:

  1. What is the suspected vulnerability and why do you think this is a security vulnerability?
  2. How did you find the suspected vulnerability, what is the potential resultant effect of the findings, and what is an applicable remediation?
  3. What are potential threats from this suspected vulnerability, as applicable?
  4. Is the suspected vulnerability known to other parties or is it assigned a CVE?
  5. Describe steps to reproduce the issue proof of concept, exploit code, screenshots, video etc.
  6. Optional: Contact information so we can follow up with you. Please include name(s), organization name, email address, and phone number. We will not share your contact information externally or use it for any other purpose.

 

How our team will respond
  • Within ten business days Moon Surgical will confirm we have received your submission and provide a point of contact.
  • We will notify the appropriate security team members who may want to follow up with you to better understand what you’ve found, or to confirm technical details.
  • We will investigate the potential vulnerability.
  • We will conduct a risk analysis to determine appropriate action.
  • Once determined, we will provide you with a summary of our findings.
  • We may publicly acknowledge your contribution to improve the security of our products and services, subject to your agreement.
  • We reserve the right to change any aspect of our coordinated disclosure program at any time without notice, as well as for case-by-case exceptions. No particular level of response is guaranteed.