Skip to header Skip to content Skip to footer
More in this section

Responsible Disclosure

Galen College of Nursing’s Responsible Disclosure

This policy only applies to the following domain: https://galencollege.edu. All other sub-domains owned or associated with Galen College of Nursing are strictly out-of-scope.

Please do not submit a report for a non-exploitable vulnerability or a report that does not fully align with “best practices.”

 

What to Know Before You Submit a Report

There is no financial compensation for finding or reporting a security vulnerability. If you comply with these requirements during your security research, Galen College of Nursing will work with you to resolve the issue and will not recommend or pursue any legal action related to your security research.

We ask that you work with us to diagnose and correct a vulnerability prior to publicly disclosing it to ensure the safety and well-being of our students and systems.

 

Avoid Including Sensitive Info

We ask that you refrain from including sensitive information in any submission to us, as part of your initial submission to us.

If you encounter Personal Identifiable Information (PII) or any Financial Information while performing your security research that is within the scope of this policy, you must immediately stop your testing and notify us at the below noted email address.

Disclosure of this information may not be made to any third party.

 

Follow Laws & Regulations

When performing your security research, you must not:

  • break any applicable law or regulation
  • modify any data on our systems or services
  • disrupt our systems or service
  • attempt any form of denial of service or utilize any type of invasive or destructive scanning

 

Avoid Social Engineering

During any security research you must not perform any type of social engineering including phishing against our students or employees or any type of physical attack against our infrastructure or systems.

 

Avoid Vulnerability Testing

We ask that you not perform vulnerability or similar testing on products that are actively in use for public safety reasons. We ask that you not take advantage of any vulnerability you have discovered.

 

 

Agreements & Assumptions

In the event you share information with us, you agree that the information you submit will be considered non-proprietary and non-confidential, and that we may use such information in any manner, without restriction.

Furthermore, you agree that submitting information does not create any rights for you or any obligation for us. As a reminder, your access and use of our Services, which includes any submissions to us, is governed by our Privacy Policy.

If you believe you’re aware of a potential security vulnerability, please contact us.  Email Our Security Team

Communication Agreement
card_arrow
Consumer Disclosures
card_arrow
Privacy Policy
card_arrow
youtube modal