Working Together for a Better Practice
Thank you for your interest in Dentrix. Following the pattern of other technology companies such as Google, Facebook, and Microsoft, we launched a crowdsourced security program. A crowdsourced security program is a responsible way for individuals to report security vulnerabilities and potentially receive recognition and compensation for doing so. These programs allow developers to discover and resolve bugs before the general public is aware of them, preventing incidents of abuse. The goal of this program is to provide a convenient and rewarding method for Dentrix users and security researchers to report potential security vulnerabilities. We welcome all responsible dental security researchers to contribute to this program.*
To report a security issue with the current version of the Dentrix ‘G series’ application (http://dentrix.com/products/dentrix/whats-new) or to report a security issue with the current version of the Dentrix eServices product, please create an account at https://bugcrowd.com/user/sign_up and email firstname.lastname@example.org with the subject line HENRYSCHEINDISCLOSURE. You will be added to our private crowdsourced security program and may receive a monetary reward for your efforts, subject to the applicable rules/terms and conditions found on the bounty brief, including but not limited to the Bugcrowd Standard Disclosure Terms. For more details about the prioritization and incentive process, please visit our partner site here: https://blog.bugcrowd.com/vulnerability-prioritization-at-bugcrowd/
We at Henry Schein Practice Solutions are grateful for all submissions and the dedication of our users and security researchers to provide a more secure landscape for our customers. We realize that security is a challenging and constantly changing field, and we are excited to work with customers and security researchers to be proactive in finding and addressing potential security vulnerabilities.
Automated scans have already been run on our dental software, and the automated defect findings have been logged. In order to avoid the unnecessary overhead of responding to submissions of bulk findings that have already been identified and logged, the use of automated scan tools is considered “out of scope” and any submissions based on these tools will not be accepted. These tools include, but are not limited to, Veracode, Fortify, and Checkmarx. All submissions must identify a working exploit that compromises application security under normal install conditions.
*At this time we are only accepting security issue submissions from current users with a valid license to use the Dentrix software, or their contracted IT service providers who have been given authorized access to Dentrix by a licensed user of Dentrix in accordance with the terms and conditions with respect to the use of Dentrix by such users.