At Patriot Conceptions, we take security seriously. We handle sensitive personal and medical information, so maintaining the highest security standards is critical to our mission.
If you believe you've found a security vulnerability in any Patriot Conceptions-owned repository, please report it to us through our coordinated vulnerability disclosure program:
Email: security@patriotconceptions.com
Please include the following information in your report:
- Type of vulnerability
- Path of affected files
- Proof of concept or reproduction steps
- Potential impact
- Any possible mitigations you've identified
We strive to respond to and address security issues promptly:
- Initial Response: We aim to acknowledge receipt of vulnerability reports within 24 hours.
- Status Update: We will provide an update on the vulnerability within 5 business days.
- Vulnerability Resolution: The time to resolution will depend on the severity and complexity of the issue.
As a healthcare technology company handling protected health information (PHI), we maintain:
- HIPAA compliance for all medical data
- Regular security audits and penetration testing
- Comprehensive security training for all team members
- Role-based access controls for all systems
- End-to-end encryption for sensitive communications
- Data minimization practices
We provide security updates for the following versions:
| Version | Supported |
|---|---|
| 2.x.x | ✅ |
| 1.x.x | ✅ |
| < 1.0 | ❌ |
- All user data is encrypted at rest and in transit
- Database access is strictly controlled through authentication and authorization
- Regular backups with encryption
- Secure coding practices following OWASP guidelines
- Regular dependency updates and vulnerability scanning
- Input validation and output encoding
- Protection against common web vulnerabilities (XSS, CSRF, injection attacks)
- Network segmentation and firewalls
- Intrusion detection and prevention systems
- Access logging and monitoring
- Regular security patching
- Multi-factor authentication
- Role-based access control
- Session management best practices
- Password policies and secure credential storage
We follow a coordinated vulnerability disclosure process:
- Reporter submits vulnerability details to security@patriotconceptions.com
- Our team acknowledges receipt and begins investigation
- We work with the reporter to understand and validate the issue
- We develop and test a fix
- We deploy the fix to production systems
- We publicly disclose the issue (if appropriate) after systems are patched
We believe in recognizing the contributions of security researchers and maintain a security acknowledgments page for those who have responsibly disclosed vulnerabilities.
We would like to thank all security researchers who have helped improve the security of Patriot Conceptions. If you've reported a security vulnerability that we have resolved, we'd be happy to acknowledge your contribution.
Last updated: March 2025