Norsk helsenett SF develops, operates and maintains digital services that are fundamental to the Norwegian health system. Norsk helsenett SF has a strong focus on security and privacy, and therefore values the input of hackers acting in good-faith to help us maintain a high standard for our services. This guideline describes the target, scope and acceptable process for reporting vulnerabilities that you detect in our solutions.
By complying with this policy, you can expect the following from us:
The scope includes all services under
If you have any questions regarding the scope, you can contact us at securityATnhnDOTno. When reporting a vulnerability, please provide assessments regarding the attack vector, attack scenario and negative impact of the vulnerability.
The followings are NOT in the scope and shall NOT be attempted to perform:
Norsk Helsenett SF, being a public organization, does not offer financial rewards for the discovery of vulnerabilities. However, ethical hackers who help in discovery of vulnerabilities may earn recognition in our Hall of Fame. To be included, please explicitly state in your email that you wish to be acknowledged in our Hall of Fame and specify the name or nickname you prefer to be recognized by.
As part of encouraging vulnerability research and distinguishing between well-intentioned security testing and destructive cyberattacks, you shall comply to the followings: