If you believe you’re aware of a potential security vulnerability, please let us know by emailing our Security team directly at bugreport@galencollege.edu. 
Please do not submit a report for a non-exploitable vulnerability or a report that does not fully align with “best practices”. 

This policy only applies to the following domain:  https://galencollege.edu.
All other sub-domains owned or associated with Galen College of Nursing are strictly out-of-scope.

Please review the following prior to submitting:

• There is no financial compensation for finding or reporting a security vulnerability.   
• If you comply with these requirements during your security research, Galen College of Nursing will work with you to resolve the issue and will not recommend or pursue any legal action related to your security research. 
• We ask that you work with us to diagnose and correct a vulnerability prior to publicly disclosing it to ensure the safety and well-being of our students and systems.
• We ask that you refrain from including sensitive information in any submission to us, as part of your initial submission to us.  If you encounter Personal Identifiable Information (PII) or any Financial Information while performing your security research that is within the scope of this policy, you must immediately stop your testing and notify us at the above noted email address.  Disclosure of this information may not be made to any third party.
• When performing your security research, you must not break any applicable law or regulation, modify any data on our systems or services, disrupt our systems or service or attempt any form of denial of service or utilize any type of invasive or destructive scanning.

In addition, during any security research you must not perform any type of social engineering including phishing against our students or employees or any type of physical attack against our infrastructure or systems.    

• We ask that you not perform vulnerability or similar testing on products that are actively in use for public safety reasons.
• We ask that you not take advantage of any vulnerability you have discovered.

Notice: In the event you share information with us, you agree that the information you submit will be considered non-proprietary and non-confidential, and that we may use such information in any manner, without restriction. Furthermore, you agree that submitting information does not create any rights for you or any obligation for us. As a reminder, your access and use of our Services, which includes any submissions to us, is governed by our Privacy Policy.