Bloomscape, Inc. takes the security of our customers and partners seriously.

We appreciate members of the security community who work with us to responsibly disclose any concerns so we can address. We take ownership of making those security patches and protect our customers and systems.

For the protection of our clients and our own systems and infrastructure, Bloomscape does not disclose or discuss security issues until our internal research is complete and any necessary patches are available. We ask that all who report comply with the following guidelines when reporting a vulnerability:

• Allow Bloomscape an opportunity to address a vulnerability within a reasonable period of time
• Do not publicly share information about the vulnerability prior to updates being available
• Make a good faith effort to avoid privacy violations and destruction, interruption, or segregation of Bloomscape services or applications
• Do not freely exploit, modify, or destroy data that does not belong to you

We are committed to working with those who report issues via these guidelines, and we aim to quickly resolve any issues (confirming the report within one week of submission).

Note: At this time, Bloomscape does not have a bug bounty program.