Vulnerability Disclosure Policy (VDP)

Last Updated: August 31, 2024

Introduction

At Scatter Instruments, the security of our systems and the protection of our customer data are top priorities. We value the role of independent security researchers in helping us maintain a high standard of security. This policy outlines how to report potential vulnerabilities to us and what you can expect in return.

We are committed to working with the security community to resolve verified vulnerabilities in a timely and responsible manner.


Safe Harbor

Scatter Instruments will not initiate legal action against individuals who discover and report security vulnerabilities in accordance with this policy. We consider security research and vulnerability disclosure activities conducted under this policy to be authorized and will not bring a lawsuit or file a complaint with law enforcement for violating applicable computer fraud and abuse laws.

To be protected by this Safe Harbor, you must:

  • Comply with all rules and guidelines in this policy.
  • Not compromise the privacy or safety of our customers and their data.
  • Not disrupt or degrade our services in any way.
  • Act in good faith to avoid privacy violations, destruction of data, and interruption of our services.

Scope

This policy applies to the following publicly accessible websites and services owned by Scatter Instruments:

In-Scope Systems:

  • scatterinstrumentsonline.com
  • www.scatterinstrumentsonline.com
  • Any other subdomains of scatterinstrumentsonline.com

Out-of-Scope Systems & Actions:

Any service not explicitly listed as “In-Scope” is considered out of scope. Additionally, the following actions are strictly prohibited:

  • Testing on third-party services that integrate with our site (e.g., payment processors, analytics providers, social media widgets).
  • Physical attacks against our facilities or equipment.
  • Social engineering (e.g., phishing, vishing) of our employees, contractors, or customers.
  • Denial of Service (DoS or DDoS) attacks that would disrupt access to our services.
  • Posting spam or using automated tools to aggressively crawl our site.
  • Accessing, modifying, or exfiltrating data that does not belong to you.

How to Report a Vulnerability

If you believe you have found a security vulnerability, please submit your report to us via email at contact@scatterinstruments.com.

For sensitive information, we strongly encourage you to encrypt your report using our PGP key, which can be found in our security.txt file.

To help us validate and fix the issue faster, a great report should include:

  • A clear and descriptive title.
  • The type of vulnerability and its potential impact.
  • The full URL or asset where the vulnerability was discovered.
  • Detailed, step-by-step instructions to reproduce the issue.
  • Any proof-of-concept code, screenshots, or screen recordings.

Our Commitment

When you report a vulnerability in accordance with this policy, we promise to:

  • Acknowledge receipt of your report in a timely manner (typically within 2-3 business days).
  • Provide you with a point of contact and keep you updated on our progress.
  • Investigate and validate your report.
  • Remediate verified vulnerabilities as soon as reasonably possible.
  • Not publicly disclose the details of the vulnerability until a fix is in place.

Rewards & Recognition

While Scatter Instruments does not currently offer monetary bug bounties, we are deeply grateful for the community’s contributions.

For verified and qualifying vulnerability reports, we are pleased to offer public recognition on our Security Researcher Hall of Fame, with your permission.