Before you report a security vulnerability, please review the following items.
Is my problem a security vulnerability or a technical support inquiry?
A security vulnerability can be generally defined as a flaw in software code that would allow a malicious user to gain access to information or capabilities that they should not have access to. Many problems that appear to be security-related are not actually caused by a vulnerability in a supported BlackBerry product.
You can find answers to common scenarios through the following self-service options. If you find the answer here, you don’t need to submit a security issue.
- Knowledge Base
- Help Blog
- Support Forums (provided by CrackBerry)
Depending on which BlackBerry product you are experiencing issues with and its support status, additional self-service or full-service support options may be available. Please access the BlackBerry contact catalog and select the Technical Support Inquiry Type, and then the most appropriate option from the Product/Inquiry Group (e.g., Enterprise, Smartphones, IoT, etc.). Complete the form to determine the available self- and full-service options.
Is the security vulnerability in a supported BlackBerry product or website?
To determine whether a product is in support, please see the BlackBerry Software Support Lifecycle.
Have I reviewed the BlackBerry Coordinated Vulnerability Disclosure Policy?
Please review the BlackBerry Coordinated Vulnerability Disclosure Policy here.
Do I have full details of the vulnerability, including detailed steps to reproduce and screenshots or video to demonstrate a PoC?
BlackBerry takes all vulnerability reports seriously and investigates each one individually. However, to fully investigate your report, we need complete details and a Proof of Concept (PoC) for the vulnerability:
- the name, version and configuration details of the affected BlackBerry product or BlackBerry-owned website
- a complete and clear description of the vulnerability and the environment in which it was discovered
- detailed steps to reproduce the vulnerability
- screenshots or video to demonstrate the PoC
If you have read the checklist above and have a security vulnerability to report to BlackBerry, please contact BBPSIRT via secure@blackberry.com. Researchers can choose to report their vulnerability through a secure channel, either by using our PGP public key when emailing or by requesting access to a BlackBerry Workspaces location.
Security researchers who wish to submit a vulnerability in a BlackBerry QNX product or service can also report an issue here – learn more.
Please ensure that your report contains the following information:
- The BlackBerry product or service that you are reporting a vulnerability against, including version information for products
- A description of the vulnerability, including steps to reproduce
- A screenshot or video PoC of the vulnerability