Terumo Europe Responsible Disclosure Statement

At Terumo Europe, safeguarding the integrity and security of our systems and websites is a top priority. While we implement robust security measures, we remain vigilant to address any unforeseen issues that may arise. We therefore value the contributions of security researchers and ethical hackers who help us identify and resolve these issues responsibly.

Reporting a vulnerability

If you discover a security vulnerability in any of our systems or websites, we encourage you to report it responsibly so we can take prompt action. Through our responsible disclosure statement, we provide legal certainty for those who collaborate with us to identify and report security vulnerabilities.

Please follow these guidelines:

  • Contact us at: security@terumo-europe.com
  • Do not exploit the vulnerability by accessing, modifying, or deleting data of Terumo or a third party, or by downloading more data than necessary to prove the vulnerability.
  • Do not disclose the vulnerability to others until it has been resolved and the Security Team of Terumo Europe has approved disclosure. Delete any confidential data obtained through the vulnerability once it is fixed.
  • Avoid physical security attacks, social engineering, denial-of-service attacks, spam, or the use of third-party applications to exploit the issue.
  • Provide sufficient detail to reproduce the issue, such as the affected system’s IP address or URL and a clear description of the vulnerability. Additional information may be requested for complex cases.

Our Commitment to You

  • We will acknowledge your report and respond via email.
  • If you comply with the above conditions, we will not pursue legal action against you.
  • Your report will be treated confidentially. We will not share your personal information without your consent unless legally required. Anonymous reporting is allowed.
  • We will keep you informed about the progress of the resolution.
  • With your permission, we will credit you as the discoverer in any public communication.
  • In exceptional cases, we may offer a financial bounty or recognition for vulnerabilities of significant value.
  • We strive to resolve all vulnerabilities as quickly as possible. We are also happy to collaborate on any public disclosure of the vulnerability after it is resolved.