Gradebook Security

We take data security seriously at Gradebook. When you create an account with us, we form an implicit agreement with you: we agree to keep your data safe, and you agree to use our service in a reasonable manner.

If you feel this page does not include enough documentation, please send us an email.

Reporting a vulnerability

If you find a security vulnerability in any of our products, we encourage you to report it. We follow the general guidelines for responsible disclosure. You can shoot us an email, [email protected], but we prefer using Keybase, an encrypted communication service. You can find us @gradebook and either use the PGP key listed there to encrypt your message, or use Keybase chat.

In your communication, please include details such as:

  • Proof of concept
  • Application version (if applicable)
  • Vulnerability type

Vulnerabilities we are quite interested in include:

  • Broken Access Control (BAC) / Permission Bypass
  • Sensitive Data Exposure
  • Security Misconfiguration
  • Cross-Site Scripting (XSS)
  • Cross-Site Request Forgery (CSRF)
  • Server-Side Request Forgery (SSRF)
  • Remote Code Execution (RCE)
  • SQL Injection (SQLi)

We will try to respond to your notice within 2 business days. From there, we will work with you to determine the severity of the vulnerability and the steps required to resolve it. Please wait 90 days from the date of disclosure before publicly publishing any information pertaining to the vulnerability.

We hope we will never have to work with you 😉