DreamBox Learning believes effective disclosure of security vulnerabilities requires mutual trust, respect, transparency and common good between DreamBox Learning and Security Researchers. Together, our vigilant expertise promotes the continued security and privacy of DreamBox Learning customers, products, and services. We welcome the reporting of security vulnerabilities that help us protect our customers and company assets.
DreamBox Learning accepts vulnerability reports from all sources such as independent security researchers, industry partners, vendors, customers and consultants. DreamBox Learning defines a security vulnerability as an unintended weakness or exposure that could be used to compromise the integrity, availability or confidentiality our Dreambox products.
This policy applies to any digital assets owned, operated, or maintained by DreamBox Learning, including public facing websites.
DreamBox Learning recommends that security researchers share the details of any suspected vulnerabilities across any asset owned, controlled, or operated by DreamBox Learning (or that would reasonably impact the security of DreamBox Learning and our users) using the web form below. The DreamBox Learning Security team will acknowledge receipt of each vulnerability report, conduct a thorough investigation, and then take appropriate action for resolution.
This program does not allow disclosure. You may not release information about vulnerabilities found in this program to the public.
By participating in this program, you agree that any and all information, data or document of any kind regardless of form accessed by you within Dreambox’s owned systems or services of any kind or transmitted by Dreambox shall be treated as strictly confidential. Any artifact obtained by means of exploit is only to be shared with the team, for proof, then deleted.
This program requires explicit permission from Dreambox Learning to disclose any of Dreambox Learning’s information, including without limitation the results of a submission.
The Dreambox Security Team will work with you to understand and validate vulnerability submissions. After addressing the vulnerability, if deemed appropriate by Dreambox, in a timeframe to be determined by Dreambox.
Dreambox has partnered with Bugcrowd for the administration of this form. Responses and communication regarding submissions may come from Bugcrowd.
Our Vulnerability Disclosure Disclosure program only awards points for VRT-based submissions by enrolled Bugcrowd researchers. Awards are not monetary.
For monetary awards, sign up for our Private Bug Bounty via Bugcrowd.