30/06/2015

Security | Blackboard

Vulnerability management commitment and disclosure policy for Blackboard Learn™

Blackboard is committed to resolving security vulnerabilities quickly and carefully. Such resolutions may lead to the release of a Security Advisory and/or any needed product update for our customers. In order to protect our customers and their data, we request that vulnerabilities be responsibly and confidentially reported to us so that we may investigate and respond. Vulnerabilities should not be announced until we have developed and comprehensively tested a product update and made it available to licensed customers.

Blackboard’s products are complex. They run on diverse hardware and software configurations, and are connected to many third-party applications. All software modifications -- big or small -- require thorough analysis, as well as development and implementation across multiple product lines and versions. The software must also undergo localization, accessibility, and testing appropriate to its scope, complexity and severity. Given the critical importance of our products to our customers, Blackboard must ensure that they run correctly not only in our testing facilities, but also in customer environments. Accordingly, Blackboard cannot provide product updates according to a set timeline -- but we are committed to working expeditiously.

Malicious parties often exploit software vulnerabilities by reverse engineering published security advisories and product updates. It is important for customers to update software promptly and use our severity rating system as a guide to better schedule upgrades. Therefore, public discussion of the vulnerability is only appropriate after customers have an opportunity to obtain product updates.

Testing for security vulnerabilities

You should conduct all vulnerability testing against non-production instances of our products to minimize the risk to data and services.

How to report a vulnerability

  • Confidentially share details of the potential vulnerability by sending an email to [email protected]

  • Provide details of the potential vulnerability so the Blackboard security team may validate and reproduce the issue quickly. Without the above information, it may be difficult if not impossible to address the potential vulnerability. Reports listing numerous potential vulnerabilities without detail will not be addressed without further clarification. Details should include:

    • Type of vulnerability;

    • Whether the information has been published or shared with other parties;

    • Affected products and versions;

    • Affected configurations; and

    • Step-by-step instructions or proof-of-concept code to reproduce the issue.

Blackboard Security Commitment

To all vulnerability reporters who follow this Policy, Blackboard will attempt to do the following:

  • Acknowledge the receipt of your report;

  • Investigate in a timely manner, confirming where possible the potential vulnerability;

  • Provide a plan and timeframe for addressing the vulnerability if appropriate; and

  • Notify the vulnerability reporter when the vulnerability has been resolved.

Acknowledging contribution

With the agreement of the vulnerability reporter, Blackboard may acknowledge the reporter's contribution during the public disclosure of the vulnerability so long as the reporter complies with this policy. Blackboard does not compensate for reporting security vulnerabilities.

Changes in policy

Blackboard is committed to improving its security policy and as such, may update or amend this policy at any time with or without notice to you. If you have any questions regarding this policy, please email us at [email protected].


This program, crawled on 2015-06-30, is sorted as cvd.

FireBounty © 2015-2019
