Responsible Disclosure Program
At Blake eLearning the security of our customers' data is of highest importance. If you have discovered what appears to be a vulnerability in any of our sites or products, then we appreciate your help in disclosing this to us in a coordinated and responsible manner.
Guidelines
The expectations of both parties relating to reported vulnerabilities are outlined below.
Security Researchers must:
- send full details of the perceived vulnerability to security@readingeggs.com encrypted using our PGP KEY including:
- an explanation of the vulnerability
- a list of sites and applications that may be affected (where possible)
- steps to reproduce the vulnerability
- proof‑of‑concept code (where applicable)
- the names of any test accounts you have created (where applicable)
- your contact information.
- Allow us time to review the reported vulnerability.
- Not publicly disclose these details without our express written consent.
- Maintain full confidentiality of all communications with Blake eLearning.
- Fully comply with the Responsible Disclosure Program.
The Blake eLearning Security Team will:
- review all disclosures and respond to the reporter within 72 hours
- if necessary, take steps to remediate vulnerabilities as soon as possible
- publicly recognize the reporter with their consent, if a new, unique and genuine vulnerability has been identified.
To encourage responsible disclosure, we will not take legal action against security researchers in relation to the discovery and reporting of a potential security vulnerability. This is provided that all such potential security vulnerabilities are discovered and reported strictly in accordance with this Responsible Disclosure Program. In the event of any non‑compliance, we reserve all of our legal rights.
If in doubt, please contact the Blake Security Team by sending an email to security@readingeggs.com.
Out‑of‑Scope Vulnerabilities
We encourage responsible security research on our sites and applications on those to which you have authorized access.
The following types of research are not allowed:
- accessing or attempting to access accounts or data that do not belong to you
- any attempt to modify or destroy any data
- testing in a manner that would degrade the operation of our services
- sending or attempting to send unsolicited or unauthorized email, spam or any other form of unsolicited messages
- conducting social engineering (including phishing) of Blake eLearning’s employees, contractors or customers or any other party
- any physical attempts against our property, including (but not limited to) offices and warehouses
- use of malware, viruses or similar harmful software that could impact our services, products or customers or any other party
- testing third‑party websites, applications or services that integrate with our services or products
- the use of automated vulnerability scanners
- exfiltrating any data under any circumstances
- activity that violates any law.
The following finding types are excluded from this Responsible Disclosure Program:
- vulnerabilities identified with automated tools (including web scanners) that do not include proof‑of‑concept code or a demonstrated exploit
- third‑party applications, websites, or services that integrate with or link to Blake eLearning's site or services
- discovery of any in‑use service (vulnerable third‑party code, for example) whose running version includes known vulnerabilities without demonstrating an existing security impact.
Recognition
Blake eLearning does not offer a bounty program or provide compensation in exchange for security vulnerability submissions.
PGP Public Keys
|
You can download this key or copy-and-paste the text below.
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBF/aqZ8BEAClB1puoNk7vTrchB+mxqJgs/HKfSaVxx8dbaGiB+0MBiGLz670
Rhhb2/E/P47CRdkzVrMDz+N/XTg36r2VoefI85NL9LZNknb2CMefsAdJAyS/nbRC
liSceLIMLizWVqgp+c8otrstdJv++0paui8xhxb/duyqEMyL7B5y3e3MR9AAJ9vG
QYVPUCubBpTU8I/2A/QOv8VMIWywn+VBAqEAZ6vrkG++GIHSTJLkxuisqXeH4z/g
de+EYEjzCURJHwxE182iKdRMH/2FRXtzdO88VYS7jVz+x/fIeMm/DLGO+dnkHD8f
9H4LYF+By1RUq+eemX+gU95MLMgg5aIgOA3xw1G5N3uwYmyez6i/vw320cqEr3yi
Fzhx2gqhXkVv9c9XJs7YoWTItteUU3JqOQ3KMGQrJX0SrUHO9QQR099/6fAysIrV
d+LnyJqQB5DZGMi5h4ktERM6wf7tTLg9PXXz3GWfbdA3c5CHoXvNgODMkKC/m528
wTtY1nvVP6Dz8RIfwPIiSk2YO1SI6U6LuPGER+UW1TNn95c+iCAGhDH5rL8+XmF4
b+UppS+Fc/ybP4jDDHy89kFe9/w2+hwZvudWoWzl6thDR6Dt/j1nkLlw2tZ9M/xw
c8TCWwsHEKDHJ7f+koIHm6qwBYD5CTkHvA/4dz6J4nWqU0Y87dc1W72+0QARAQAB
tGRCbGFrZSBlTGVhcm5pbmcgU2VjdXJpdHkgKFBHUCBLZXkgZm9yIHJlY2Vpdmlu
ZyBEaXNjbG9zZWQgVnVsbmVyYWJpbHRpZXMpIDxzZWN1cml0eUByZWFkaW5nZWdn
cy5jb20+iQJOBBMBCAA4FiEE9avFjKgf9CqGJFxKL/MnQ82D3IgFAl/aqZ8CGwMF
CwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQL/MnQ82D3IglPBAAmok6HfVqukBV
9sUk3TEa1xvKtGrXa3zpkBjVV0gbewt+xsD/uKCJ2XvS06Ce7skvFbCQkhdGtSHJ
jh6wvGDmLO07A1IjN5w7Dg5QNHeb1fiHljuNtkMDK8v9PGXJJxmg5KBWDUZiaV9K
klAcrh7yMxVN/qaqcIJ23BWKiPnPf2hchjjt+Wlc/skMDFd+aHrEfNt470ccT7Z3
6wcKBZGMOuN5Y3uWyPUKfAoUNBsfGNl0WYjOZx5wjOLBHbCGjKZJd65qxF3NUYUE
QvUvta6mCuCz1R7UH1Lyb/Flfo62gk8yl+Y1LfCb7dHylMkPskCFvjKqUa60Ofa4
wVPs1lx388Axen2Py3x6um5wpw7bQ/YJjfyC2yZ70AO45jXESCQdbcM4M/mbeKFf
pYRc/iwK6KkQX5czFsJ/xyEv+SFEC/0oaO2pqt+bqB4aalduo2jArPwSUrSK/1eE
RndANLAP/6+izXaiX4EgiEAwEEUIxpzcAHMc6vw7TIcmNS98tTZNcAijBECjYerZ
xor+sHnfI52x04m3Jl5VLBKZ2gMmx01+aHM9mWqDcdbZUNZf3Nzm7g/tiSDfsae9
z3ff2YOiQ+KskaX2AAlT/65RdHyXDs0etauP8O69ue8so5iBJhjfizvzJ1KNFDUo
St2ro0WZM0XmPzPi132MX3FxgM6anJC5Ag0EX9qpnwEQAKb7iVO1CSiNjUiDz9KJ
W2OR58mpQDVXb3BaPPO8+YOdccaQOqUYb1mbkNsaTXLrjrvZMSJWq3mqn0J2Pfx8
euSztnmDIL/qqOI3g2DDk8rgYhJ4aBWkw0nqdMnGExvCjfsNA0sx9ZZfdgm5GciF
RJEauwNdyOrs6wNcUtmCRgEjQ7RRkf564Q3+Nv9G1pp26XySPmxCd6tMn7zYaRt6
W9V1Tlit7isWm8sHx1IEtP/GnX0xQsxlZbUavNDlH/+ZD33r1W5VOpyZzrXE8oRX
+a6aG3nS515KsYMmWyCp1bOOvCh+Ncl5aIPbrCVVjPz2ZYdpE18yIF8g0mLzCBjS
1ZDholJ+4nVx4p7/4lWwKQ0W2aZ1d0F9nb6faGL9HoxtVeyfi5Jhb9ywxYpBV8rX
U3QMv+L0J+JDd/EUs583eHcwShTMk4AzjdsWOElgeOcy41YiwjHJr2HHt1dhRytb
HMX2dk7XNXk5lS5J9J30NWj899E4ZRjkKz9PZXX1jIHgftt/HcysAyqf0bRyY8rH
BcHTlWQufm+btBOx5m4wQ+m3W5KyHku2KLcjOW3SGQcyg0YLBUsYyJ0Hue716kRO
Wxp9ruTc2QuMAZOeOo4DnGKvYwRSpLaml8ggSfvK8eAGO4jDnE7fSUY4d4mZ9Pp9
Yki5Ls6FrNdqyi29ZkD3L2JbABEBAAGJAjYEGAEIACAWIQT1q8WMqB/0KoYkXEov
8ydDzYPciAUCX9qpnwIbDAAKCRAv8ydDzYPciFXdD/0dgijNBQCX8G1s9bSkzRqE
+nn5X02HwE6Bs0ak+2VH7kWgdc1youyow2E+68zQq6Eywi+V4S/+inBI9HqIOlzH
+Bqdiums5Ez7jmsZwuf142306rirOm6JpWMBXK+Zo4YWFSdaAjsaPzzfo+HPhwbX
dRwN6Oy5CaJ7dVQm3XuposBRTVmY08OsfNME8G4DV2R+lCsjzcqRf2s1lvqRekVI
cvfLF812H5H+Hxe2kdeJmLV2JBeVYknulULp/PC7BET3YagyslpW4b3I+LrbgdkJ
ST9rVf7bPMrG1nPBJrTxpoDngj9jje9HMUWXNH0CVmRcDndIGRgm8r0INFgBJQLA
TBSIMSwAF6Pi9c1ACmdUFI6a3pYbVFtnSyzqxx7loERQo5i/7zz7Ho3IRqtNR316
chLxIj/FXIaNdsGAPA+IlOoBPJ+vyaxj8mowP1QzJVH5lQu/fS8NkT29XknTdVN4
o9xPPLzUSc7m1v1eadpAum15L/Zc4iU6gnwiX3iaIGYXhTevbTdg4UuGAgcSBHAi
BOXbHOVMufLXNYGkxzXp1meSb3krkB4r7OX7lI+7CZmt0vNble2P8iZFm2ademu1
rFtx+VRSFtOURia+YlKXdo8AhGP8pRrgZWO7SsAfWYAAPt9MSDX2f59TO5q9vRnJ
imKo0DdaGAvOOmVeyzCMWQ==
=tOSb
-----END PGP PUBLIC KEY BLOCK-----