Responsible Disclosure

itslearning aims to keep its services safe for everyone, and security is our top priority. If you believe you have found a security vulnerability in itslearning, we encourage you to contact us at [email protected]. We will acknowledge receipt of your vulnerability report and strive to send you regular updates about our progress.

Responsible Disclosure Policy

You should give us reasonable time to investigate and mitigate an issue you report before making public any information about the report or sharing such information with others.

You should not exploit a security issue you discover for any reason, and avoid privacy violations as well as interruption or degradation of our services.

Recognition

We may reward submissions who help us keep our services safe to use, given that they adhere to this responsible disclosure policy. Whether a reward will be offered or not is solely at our discretion.

Scope

We appreciate being notified in case of a vulnerability, as we believe proper configuration and hardening of all resources is important, even for open information.  Researchers that report potential vulnerabilities according to our responsible disclosure policy which lead to changes on our side, will earn a spot in our Hall-of-Fame, provided the report fulfills certain requirements:

  • It needs to be new to us, and the first report on the issue
  • It needs to be exploitable

We are grateful for all reports on possible vulnerabilities that will help us be secure!

Out of scope:

  • Denial of Service attacks and Distributed Denial of Service attacks
  • Spam or social engineering techniques
  • Automated tool scan reports