Novo Nordisk is committed to ensuring the safety and security of patients, healthcare professionals, and other customers who use our products and services.
Novo Nordisk will not engage in legal action against individuals who in good faith submit vulnerability reports in accordance with our Coordinated Vulnerability Disclosure (CVD) Policy. We openly accept reports for our currently supported products and our systems from individuals who:
This policy addresses all products, software, and hardware, available under the Novo Nordisk brand names made available to the general public. If contractual obligations exist between Novo Nordisk and a partner where the partner must address an identified vulnerability, the terms of the agreement between the partner and Novo Nordisk shall prevail over the terms set forth in this policy.
Novo Nordisk considers it a key priority to provide safe and secure products and services including protection of Personal Data. Therefore, when conducting your security research, please avoid actions that could cause harm to patients or products.
Note that vulnerability testing could negatively impact a product. As such, testing should not be conducted on active products used for medical treatment, and products subjected to security testing should not subsequently be used for medical treatment or in a clinical setting. If there is any doubt, please contact Novo Nordisk.
Novo Nordisk reserves the right to modify its Coordinated Vulnerability Disclosure Policy and processes at any time, without notice, and to make exceptions to it on a case-by-case basis. No particular level of response is guaranteed. However, we will acknowledge receiving your report within five business days and keep you informed on the status of your report. Furthermore, if a vulnerability is verified by our global security response team, we will attribute recognition to the researcher reporting it, if requested.
CAUTION: Do not include sensitive information (for example sample information, Personal Health Information (PHI), PII, etc.) in any documents submitted to Novo Nordisk. Comply with all laws and regulations in the course of your testing activities.
Note: When sharing any information with Novo Nordisk, you agree that the information you submit will be considered non-proprietary and non-confidential and that Novo Nordisk is allowed to use such information in any manner, in whole or in part, without any restriction.