For Philips, a global leader in health technology with a purpose to improve the lives of 2.5 billion people a year by 2030 through innovation, transparency is fundamental to everything it does. It is why it publishes Environmental, Social and Corporate Governance (ESG) targets on issues such as sustainability, taxation, and access to care, together with transparent plans and metrics to gage success, and why it is equally transparent in the way it deals with any potential security vulnerabilities in its products and services.
Philips’ Coordinated Vulnerability Disclosure (CVD) program is the company’s formal process to pro-actively assess, mitigate, and remediate such vulnerabilities. It is a voluntary and publicly accessible program for collaborating with customers, security researchers, regulators and government agencies to help identify, address, and disclose potential security vulnerabilities in a safe and effective manner. The program is fully aligned with the U.S. Food and Drug Administration (FDA) Post-Market Guidance requirements for the awareness and remediation of potential system security vulnerabilities, and is widely recognized as best-practice by industry associations, regulatory and other government agencies, the security research community, and Philips customers.