As part of Noggin’s ongoing efforts to ensure the confidentiality, integrity and availability of data and platforms, Noggin has established a Vulnerability Disclosure Programme (VDP) to encourage the responsible reporting of suspected vulnerabilities or weaknesses in IT services, systems, resources and/or processes which may potentially affect internet-accessible applications. Our VDP is one part of a broader vulnerability management strategy which includes internal code review, vulnerability scanning and penetration testing.
Noggin values and supports the work undertaken by the security research community and appreciates it when researchers take the time to report potential security vulnerabilities to us. The Noggin Vulnerability Disclosure Program provides security researchers a mechanism to directly submit research findings if they believe they have found a potential security vulnerability within the Noggin Platform. We look forward to working with the cybersecurity research community and members of the public to keep our services safe for all users.
The confidentiality, integrity and availability of Noggin Platforms is our highest priority, and we take every care to keep them secure. Despite our efforts, there may still exist some vulnerabilities.
We would like to engage with the security community and our VDP allows security researchers to report their findings. If you think you have found a potential vulnerability in any of our systems, services or products, please notify us as soon as practical by downloading the following policy document which contains the rules and process to follow.
You are expected to act responsibly at all times. Please note that the VDP does not authorise or permit the taking of any action which may contravene applicable laws and regulations. For the avoidance of doubt, attempts to exploit or test suspected vulnerabilities (e.g. gaining unauthorised access to any computer program or data) are prohibited.