
DreamBox Learning's Vulnerability Disclosure Program

Vulnerability Disclosure Philosophy

DreamBox Learning believes effective disclosure of security vulnerabilities requires mutual trust, respect, transparency and common good between DreamBox Learning and Security Researchers. Together, our vigilant expertise promotes the continued security and privacy of DreamBox Learning customers, products, and services. We welcome the reporting of security vulnerabilities that help us protect our customers and company assets.

Security Researchers

DreamBox Learning accepts vulnerability reports from all sources such as independent security researchers, industry partners, vendors, customers and consultants. DreamBox Learning defines a security vulnerability as an unintended weakness or exposure that could be used to compromise the integrity, availability or confidentiality of our Dreambox products.

Scope

This policy applies to any digital assets owned, operated, or maintained by DreamBox Learning, including public facing websites.

Our Commitment to Researchers

  • Trust. We maintain trust and confidentiality in our professional exchanges with security researchers.
  • Respect. We treat all researchers with respect and recognize your contribution to keeping our customers safe and secure.
  • Transparency. We will work with you to validate and remediate reported vulnerabilities in accordance with our commitment to security and privacy.
  • Common Good. We investigate and remediate issues in a manner consistent with protecting the safety and security of those potentially affected by a reported vulnerability.

What We Ask of Researchers

  • Trust. We request that you communicate about potential vulnerabilities in a responsible manner, providing sufficient time and information for our team to validate and address potential issues. Vulnerabilities will only be reviewed if they are submitted via the form below. If you are a Dreambox employee, findings are not eligible for rewards.
  • Respect. We request that researchers make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction of data during security testing. Use your own account for testing purposes. Do not attempt to gain access to another user’s account or compromise any confidential user or Dreambox customer information.
  • Transparency. We request that researchers provide the technical details and background necessary for our team to identify and validate reported issues, using the form below.
  • Common Good. We request that researchers act for the common good, protecting user privacy and security by refraining from publicly disclosing unverified vulnerabilities until our team has had time to validate and address reported issues.

Vulnerability Reporting

DreamBox Learning recommends that security researchers share the details of any suspected vulnerabilities across any asset owned, controlled, or operated by DreamBox Learning (or that would reasonably impact the security of DreamBox Learning and our users) using the web form below. The DreamBox Learning Security team will acknowledge receipt of each vulnerability report, conduct a thorough investigation, and then take appropriate action for resolution.

Nondisclosure:

This program does not allow disclosure. You may not release information about vulnerabilities found in this program to the public.

By participating in this program, you agree that any and all information, data or document of any kind regardless of form accessed by you within Dreambox’s owned systems or services of any kind or transmitted by Dreambox shall be treated as strictly confidential. Any artifact obtained by means of exploit is only to be shared with the team, for proof, then deleted.

This program requires explicit permission from Dreambox Learning to disclose any of Dreambox Learning’s information, including without limitation the results of a submission.

Our Commitment:

The Dreambox Security Team will work with you to understand and validate vulnerability submissions. After addressing the vulnerability, if deemed appropriate by Dreambox, in a timeframe to be determined by Dreambox.

Dreambox has partnered with Bugcrowd for the administration of this form. Responses and communication regarding submissions may come from Bugcrowd.

Awards:

Our Vulnerability Disclosure program only awards points for VRT-based submissions by enrolled Bugcrowd researchers. Awards are not monetary.

For monetary awards, sign up for our Private Bug Bounty via Bugcrowd.


© 2021 DreamBox.
