BlueJeans takes the security, integrity, availability of the service, and the privacy of our users seriously. We appreciate all security concerns brought forth and are constantly striving to keep on top of the latest threats. Being proactive rather than reactive to emerging security issues is a fundamental belief at BlueJeans. Every day new security issues and attack vectors are created. BlueJeans strives to keep abreast of the latest state-of-the-art security developments by working with security researchers and companies. We appreciate the community's efforts in creating a more secure world.
Rules of engagement:
We are interested in hearing about security issues in production BlueJeans sites and our client software applications. These in-scope, production assets have been listed below under 'Targets'. That said, there are some things we explicitly ask you not to do:
- Do not run automated scans without checking with us first. They are often very noisy.
- If running any automated testing tools, be sure to keep well under 100 requests per second - otherwise you're likely to get locked out.
- Do not test the physical security of BlueJeans offices, employees, equipment, etc.
- Do not test using social engineering techniques (phishing, vishing, etc.)
- Do not perform DoS or DDoS attacks.
- In any way attack our end users, or engage in the trade of stolen user credentials.
- In any way disrupt our customers
This program adheres to the Bugcrowd Vulnerability Rating Taxonomy for the prioritization/rating of findings.
Scope and rewards
This program follows Bugcrowd’s standard disclosure terms.
For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email firstname.lastname@example.org. We will address your issue as soon as possible.
This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.