I am a security consultant at Bishop Fox and during my contracted assessment work, I discovered security vulnerabilities in OpenClinic that I would like to bring to your attention. I've emailed the details of my findings on August 28th to a gmail address that I believe to be associated with OpenClinic. I followed up on that email on September 28th, but I have yet to hear back. I'd like to verify that the information was received and if there is anything that I can clarify. Please note that per our 90-day disclosure policy, these issues will be disclosed publicly on November 26, 2020.
Best regards.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi OpenClinic team,
I am a security consultant at Bishop Fox and during my contracted assessment work, I discovered security vulnerabilities in OpenClinic that I would like to bring to your attention. I've emailed the details of my findings on August 28th to a gmail address that I believe to be associated with OpenClinic. I followed up on that email on September 28th, but I have yet to hear back. I'd like to verify that the information was received and if there is anything that I can clarify. Please note that per our 90-day disclosure policy, these issues will be disclosed publicly on November 26, 2020.
Best regards.