Responsible Disclosure
itslearning aims to keep its services safe for everyone, and security is our top priority.
If you believe you have found a security vulnerability in itslearning, we encourage you to contact us at security@itslearning.com. We will acknowledge receipt of your vulnerability report and strive to send you regular updates about our progress.
Responsible Disclosure Policy
You should give us reasonable time to investigate and mitigate an issue you report before making public any information about the report or sharing such information with others.
You should not exploit a security issue you discover for any reason, and avoid privacy violations as well as interruption or degradation of our services.
Recognition
We may reward submissions that help us keep our services safe to use, providing that they adhere to this responsible disclosure policy. Whether a reward is offered or not is solely at our discretion.
Scope
We appreciate being notified in case of a vulnerability, as we believe proper configuration and hardening of all resources is important, even for open information.
Systems within scope:
- itslearning LMS web application
- itslearning LMS mobile app
Out of scope:
- Denial of Service attacks and Distributed Denial of Service attacks
- Spam or social engineering techniques
- Automated tool scan reports
Researchers who report potential vulnerabilities according to our responsible disclosure policy and scope which lead to changes on our side, will earn a spot in our Hall of Fame, provided the report fulfills certain requirements:
- It needs to be new to us, and the first report on the issue
- It needs to be exploitable
- It needs to be clearly explained in the report
We are grateful for all reports on possible vulnerabilities that will help us be more secure.