OnCourse is committed to ensuring the safety of the customers who use our products and services. If you believe you have found a security issue in one of our products or services, we appreciate your help in disclosing it to us in a responsible manner. We welcome working with you to resolve the issue promptly.
- Please send all submissions to security@oncoursesystems.com.
- Please provide us with your reference/advisory number and sufficient contact information, such as your organization and contact name so we can get in touch with you.
- Please provide a technical description of the concern or vulnerability including the date and time of testing, URLs, the browser type and version, as well as the input provided to the application.
- To help us to verify the issue, please provide any additional information, including details on the tools used to conduct the testing and any relevant test configurations. If you wrote specific proof-of-concept or exploit code, please provide a copy in the email.
- Refrain from including any sensitive information, e.g. student information, in any screen shots or other attachments you provide to us.
We ask that you do not share or publicize an unresolved vulnerability with the public or third parties. If you responsibly submit a vulnerability report, we will use reasonable efforts to:
- Acknowledge receipt of your vulnerability report in a timely manner.
- Provide an estimated time frame for addressing the vulnerability report.
- Notify you when the vulnerability is fixed.
- Provide full credit to researchers who make a vulnerability report or perform testing, in publicly released patch or security fix release information, if requested.