Coordinated Vulnerability Disclosure (CVD) Process

At IDT, we develop technologies to advance and optimize the laboratory. To achieve this, we uphold core values that define our responsibility to those we serve. Among them: an unwavering commitment to the safety and security of patients and laboratory personnel. Therefore, we believe in continuously improving to address the ever-evolving privacy and cybersecurity landscape. 

In response to potential threats to cybersecurity, IDT has formed a global product security team to assess vulnerabilities and determine responses within a coordinated vulnerability disclosure (CVD) process. These efforts allow the company to continually learn from vulnerability test information submitted to us by customers and security researchers. 

For the latest product detail information, please contact our product security team or visit our advisories page.

Scope

This CVD process applies to the reporting of potential cybersecurity vulnerabilities in IDT products and services. 

For customer support help requests, technical documents and regulatory contacts and notifications, please contact Support.

Contact information and CVD submission process

Potential security vulnerabilities or privacy issues with a IDT product should be reported to: ProductSecurity@idtdna.com using the PGP public key. We ask that you please refrain from including sensitive information (e.g., sample information, PHI, PII, etc.) as a part of any submissions to IDT. Please provide the following information in your submission:

  • Your contact information (e.g., name, address, phone number, and email)
  • Date and method of discovery
  • Description of potential vulnerability
    • Product name
    • Version number
    • Configuration details
  • Steps to reproduce
    • Tools and methods
    • Exploitation code
    • Privileges required
  • Results or impact

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: Keybase OpenPGP v1.0.0


xsFNBGeRXf0BEADDBFhd8P3VkUbAxO/fXkVzMEegEUcxCgU/eLjWFuZzwKXIoVW1HqZb1meS/WYF5hebLMz7HmEPux6G+2Igqee8jNcDY/k7op9vKpvR+9jo4RhZz4NisdRxsp3P5hqIepInF2OzISZ7BoDO7Gvzu29Jb4nb7cT+uMxzcQmktfANK2bVDFiGKv26/811R+yFNcFVlyvhQneH1dGfNE/2ad2bjcWPEnPwrIWtAGwM5FK6ECWGiFthp+PHO9jdZJMWJTVsByzqC0eKdSSEDb7/5Q4rruqi3zBWyyJMx9SSHCH9aDZMhlETTyAwl1q4PrLPo9FD+htDDdyvlmGvvBMHrYOD9cPHb6Uqf9DEefyQDcCHq7Hdw5EiyWrAwIoV7DTicrHq/K4TkcAyWo/oHo5d9T+M9tu2tlgrlccaEsgXrLDXDLAqOgkloyuTI0Rtdy4orK87XHWpIXmqVi0PGyULScYi81Bcb5RSXgxOMnWwL1vW/upBeIuKceIIShS8FUXVdSeIbjsEaKbBDV4DZxtzIvdJXObZgFAkLdou4fLRCk+jlkXoznM1vdUGeTr6CvXnUQIUDpd3d85SahEkSHgSxgvQz2NylFByQS+fPLYW1/PP7pwFrlrEprDx4AU1t7mdKaTgMfGaaKNr32dtnIYIlyLBpKv4Krecm/GrHzKPnUIh7wARAQABzUNJRFQgUHJvZHVjdCBTZWN1cml0eSAoQ1ZEIFN1Ym1pc3Npb25zKSA8UHJvZHVjdFNlY3VyaXR5QGlkdGRuYS5jb20+wsFtBBMBCgAXBQJnkV39AhsvAwsJBwMVCggCHgECF4AACgkQSxHBGnyzl1f/9Q/9HisrzLWP6OAZ40QHK2qFjLYrWc6o9R86j/eKvqbiQuVLrSrL/7+nCjFZTLicPDBTZSdXt80C5576aixRQxdwouYKMksAMmLx1Ru3Gdap1RyqaXlzg/ZVRBPIMYox3AXNlOPONPWjnIc2YbG7BzcO/JiWr3FQ8Wz2Ogk7cqYJVyKtFQ7RRffqo25vQpKqPgH+wuVnRwMri2LAKzMF34k2wH53ys5bYRs/OAtwO8l0gBHiVNRmujN9YpcNb0wo5t19vj4y7BT0EeyRq1/wwSeaoJoEBrVOTYDuOFXIvkW+qMAXW/7mrv+rFur4LcRgbV3YlSclgOLg5cRx7BwAVWrt+SXs+DBQH3VvrDLyuCZngJR7fGkTutE63LdHtVlcy+53Dy3hbp4cWL4DfXPpJriKk9QE4qBSF8IgTYzgkScMVCN+nNSyBWAURWOtjLTCqF1cc0Tj1sjb98Qj1ASi5EEnAXMrdq6OIIG0ZJa11ZHkWu7GcArRY1u2jOBq78nYvTViByA6D9LChyCUUneNceeRpqSYAgZ995bQmEuzGcOo06sI1HAw0bPHEEBiA+DT+zXWGsIjdCUpmQv4Q7Cz6uJ7OwZcv8+XQjAz3lxQ14c0eKFAlUGk5sGWzYoV26AT9MGGxzkEwgg0E6JpBl2opeeRfAKfSrGt+qRMbgoZ5QEWBALOwU0EZ5Fd/QEQAL/tVB9zXn2xfAjhFwGFFEnjahQM7MVoIdPSLPNyEpfbHuEcG8vjSv84ftid++EWdX7tC6cnEEFnhHeYtraatOlhmeWO7T4kkSooWzRmk8FPLFtGpOIQdT1viulxhchQ3F/n3ttV0JqzvoWONwYgjvIhlylZALXQoaIcezHKrQhRt0/YYWGIozCL9QJqh+PS3/N2itUpJcG575wpJIRt5eCg1wOShAaMjIYsaw/sHb+cm9cW2rcacyLKA7N4VGoiHssTmP0lLGsncO3JHNhCOfzEytCgwaf364U5bAOOWKQCwYP1P63hp6WF54rBl/RC7dTIqtM1FZwMKc/22EKI5Lv3BZ0JG/On4JKN8jxHc+KvM3x8rJA2t93DtMxtPm82NUCqfKjjPR62D0sfaRAxgIWe4wcHdGrLcSuA/pT6UHIAwo/NZ9gknPIYy5Ui/zgvDvPxyTVK22KXYRfktzvzM+cc7uRmngP/NNSYtTc5WdKvjqZcRlKQchU8sWtVhsr4qlbCGv8Lk1SqLG3B342RmJ7P7Yu7t2X2ewZRVR8K8TPJ7lpnMsDoD3ISkskQQuxdWm0mOPCZdtmqENnFU3nl6qRELGNLgDb/TbfYP0AW85m+kUgKnaXLSuPy+bqTUCExuP4xAdvCF2IJ7p7kC6bR66o/Wglmxxhm6jZWQT7rnZA1ABEBAAHCw4QEGAEKAA8FAmeRXf0FCQ8JnAACGy4CKQkQSxHBGnyzl1fBXSAEGQEKAAYFAmeRXf0ACgkQ7v3fBGUH3oqmsxAAh7MVQycSwDtBIx/fcoxTpQc26y32KwcYDkJ27AWmChGyNPMN76Ivjxw05v4VeJBVSN5qS6tJEUm/TUeWJvxrwgk/ww9c7rVPcPOkykilsCaUtn37zbE+FjwJ2Q6mnmgfyyTiTYoMN0TXj5fQbeDNdhRIK5+S2EB4gJIR6sjAdI+Ens3sXJc+vp87Q8Jihhc3L7aaVLXvTg7y3yoN/aHSMf2x7ug/BEo3DcC/MVjhEzePJkzcYLslsEnGi3HwIfiEZSHuXjAFavFNXpruz7eTC9OnPfocnXbaCDXEexj3phSm1QSM0ChYBBnTYgJoSm2ujuPdCTuwrxuKwjmgbjG930K0x+liagxaMbMmxs4jGvjeeYrSqODhpDP6h7Gyh+y2W6W/WCLiIGC4hk1+fGUmGYXDL3Z34hDGWu+uAaXaaJii9CKh3Zh6ZpQJ0QHHbGjCPGOYuPkctFrIetOhHR/QvCA1aBxsw7mZBfWn+4IN53M2j95mMpB9VGqliX5LB2AOtI8Rai1sSF51peCUbwvcyGhPl6BQ8QKhnCcWZySDvFgrrTJhmHXld34PRGv+PuNcQwjDwI4Ejhzhqj6ErMjIVp0zNJ8Y7rVt0evg8Gc7nAjtwFyitz119Q066iHFzKFA1X7zh83EDl7VUxJd7M7kDIuQBaCLW5xASi2rye7UQDB9GBAAp2Uz/+hb5qvlBeaHWTy11UBWwM2gl72xe33Cg9yVwemViXepTUCzRXZBvDe5fa0kKRZ2swFFgQb/RQ/3maxMRngu73ErfuhaOBER44SSdG5ctHQFCeSCmFyYhMGnX2AUGqyBm105jr/117D92De+g7FtcIPwTsRGQpkD1doulCHLEZbYnYIK7sRWYy806PNEXUdt1GGOmxBq4jNhSJUGZu8fbbzdhQjKm9BUe9mNfLE5ty135tDUJLyV1iyjFfA9inf8WA+x71JNnxClE/mcUE5Uy/8qaJJDqnF0Vv6kYWSPxbw8Bu//rgoRBiWcTEYOBCGAX+8ZehpVwYYTblbh+Of3H9Sj81JZGd+oSnEue/MUgJGy9MUVrwff3GCSy+uPYsOQYXq7X9qdGXywLvQoioEhUqxrZGc2PB7a/V6UTNKKwb8DGxLBnJTdMDyOxDre8MYg2uOcsXZLHWSjEizexeewYCrwNX/FzQpSFGrsdncWWPkXVsSf/lUBtvpr82WEBLHj+XcaFKdCpcGBlPR8v7ll9kz1XqdGu7oY8a1v51QQc0qezCFz5NNJ6fCBO8B2XF6y87S4HBTiF1PHYWbfGbVMln60Qunwq/lISNwtrBbSbB+qHnNMdgwI2FCrv25ZVR6DvU9WfGg3tVSD3571IahdcTr5lTFDDzVSGAUxbVHOwU0EZ5Fd/QEQANgyY0ShzubzpC27cfCOYLj7kGA2DTPoVQrRB184mdCzWOntptMeH3Z7zYpfEh2FvjE5D3JYvi70KR9z3l8U9itkJ6abgXH+CtXEpSakfkxlD7Rr6kPm3GoztjM/Ii56LxnpVjFLplBO/Th7u42z6PDTy8hi/InQn3r16gknTnmN6MaBvzrhHiMGoKk0QITKYfsb9xOSPQGYouJFLR3WsJHJAM6fF4+jKhoMHSW7fA0BwXD93q2Tx1732M1F5RZl7ZV6mZCXV7RXT1pRTsrcbens7XDHS2/S+coTTU8fPcK70luMfWH6kFK5jw6gbYlo8SmqgYhsYz+Dq51QmfcMePxlLGIwt5jfEc8qkGwZPDCXdfIo6a8GgHbWN6ymPxCQSs/N3mWlAV1HJY4rkcfw2AuwqGe0kuVFeeUjdovRF5RfEReooD69M1nCj7TwKEpB6MwpAsdMdpzdcKx0T3pBZgp/0Oq6ckm19PImTBHpvzQHge9wddZBftgNTSQRI118duPDe17+9D3DejhHzflYkEO6ZFg8MByW6Px1gpaFVOCjzxOM2LLm9W7Chrmfch5Eb6uihsSKwIjU/qyRv7RipkV3cSHlr7posRjQ7F74jBc/NCa1I9frjPtCUMrWR1TBPy/G/Zl/hbAa5pd38Pste1Fa0HqpUh9+zjAqK/mu5tLdABEBAAHCw4QEGAEKAA8FAmeRXf0FCQ8JnAACGy4CKQkQSxHBGnyzl1fBXSAEGQEKAAYFAmeRXf0ACgkQU++EbfHHCBflLBAAn+tjj2zzNpeWaeIrvK3qXoCLqQj796j1RM4aEfto/hSg/+VhajqFexvNbWth6y/V3XPzF0XqFkVgNGaeBJ34vH1VE2+iiGLK2kJ6k0fRcWYtLsdtE0av3j0V98uNHRgxXebV6e6Y6A1GAgjCyjGrG3zy4oKjHhAzRSl/fKCX1tY2Ya9idQKwNbn+R4rWJJZFwd7uE/4eI4ou+gOqeb8LU1pjYLjAgZ8stF7gJTWWrQyfsohDbNxTE/Kwzatf4srQiQb1cmX+zLFooHx2MDzhZEpRQxq6vNajEAxigX/PkWUG/Yxm/NyoQoEpKw0s5S1q0mIPi521KjEu8qJVGtMfev4q+eJJV1VKkrARLnNosXKOqvWeltU33HkFNSj9vd89LDHqT9D+bhCecwEIvBizjlf9LPqlWbmK8CJO0BEQeIOVzb7G2aKu5YvYKchvqcGA0X66k+vLP5BwknYnFWyJ3sj6XtlDRti/IqL4IAmyrjrM4devFECHJmOWLNG06ZWbMFRrJKEI9ZqBRiuMf9sxTt9uAAAqj/pOxqFQaGuf7HiQadPREEnFqo400oirX0K/rQlhHi/uBeoqkvO1IPmRNJc5kiXMqefUKxbyl5MAkGnx9UIzijw6Sun1ODKKzHIYnGlDNEPzhmKzaqxv4bPzay+BGdYtzcG0FaJA+f1Ds8jEiA//QJMqERdpWD7RmfIOC3qVf9sUqZl0FedCvzHvj+cd3uWo96qTr+3ra3lkk5Q8uTy35PLXzwCFBi40JAH7t5otD1Nmo193Mfe20u1aVl4CxlXxbDfiKn5qx1tG0Wcx7E/iNzMdzNSu4o8veWqLVMaR3UMl2/zlibDyqD5kuRFhzNtufJ6JU0WdtPWDJ+/uCauu7JG2Qnsj3dZd0Z4R1NPZqrODM/rXBwllZ6cbROme53rszNZaSIgMMf30BcRXaTULjaqRHnuNtlQthh38YfJYwB36MvF/FT0dEeiccSOIKIMOjaRN0Da+A5LDakGkphG+cFalDkbg9+LsU/kEbUbdoXGtVGqL1rV4iYYYiJomYOABgrwjlM6FFCXJ3uBR3AHba3r++Ni49/Yyycvwtgz6m9BFP8/kQ3Gga3/IkQEsae4l5p1LizZgl+3H8bGWiNn9cyqGOLrDqCjs8ZLDXIrbx4jbDr4PuWo2OpR/OZ79HZydGdVxLR6nv33L4ho8baJ0k2fpFN4HxlUGUBGSFYAZMcC679hDwYZxzLnstLuHjS8oQXS+gt3oNqrbvlqlr29KgAL6VIfOD+UXtkele8OXXTUT4SGiZxhr+eGMCfMqU2JXEAyLxvtNH6KPqtGOG1mP3xAn6SngyJkPgp8UbOKw9nWvmytHuAF7H6lvnFEQa4Q==hwXu

-----END PGP PUBLIC KEY BLOCK-----

What happens next

Upon receipt of a potential product vulnerability submission, IDT will:

  • Acknowledge receipt of the submission within five (5) business days
  • Our Product Security Team will perform an initial review to confirm the validity and scope of the submission.
  • Specialized product and engineering teams will collaborate to analyze the reported vulnerability and assess its impact on our products and services.
  • If needed, we will contact you to gather further details, such as reproduction steps or technical insights, to expedite our investigation.
  • The vulnerability will be categorized based on severity, potential impact, and exploitability to ensure it is addressed appropriately and promptly.
  • IDT will work with the reporter and relevant stakeholders to coordinate the responsible disclosure of validated vulnerabilities, ensuring minimal risk to customers and users.
  • Information from the reported vulnerability will be used to enhance our security practices, improve our products, and strengthen our cybersecurity defenses

Disclaimer

IDT considers it a top priority to protect the health and safety, as well as the personal information, of our customers' patients. 

When conducting your security research, please avoid actions that could cause harm to patients or products. Note that vulnerability testing could negatively impact a product. As such, testing should not be conducted on active products in a clinical setting, and products subjected to security testing should not subsequently be used in a clinical setting. If there is any doubt, please contact a IDT representative. 

IDT reserves the right to modify its coordinated vulnerability disclosure process at any time, without notice, and to make exceptions to it on a case-by-case basis. No particular level of response is guaranteed. However, if a vulnerability is verified, we will attribute recognition to the researcher reporting it, if requested. 
CAUTION: Do not include sensitive information (e.g., sample information, PHI, PII, etc.) in any documents submitted to IDT. Comply with all laws and regulations in the course of your testing activities. 

By contacting IDT, you agree that the information you provide will be governed by our site's Privacy Policy and Online Terms of Use.