Report an Issue
The BlackBerry Product Security Incident Response Team (PSIRT) responds to and investigates reports of security vulnerabilities in BlackBerry products.
If you suspect you have discovered a security vulnerability in a supported BlackBerry product, please let us know by sending an email to email@example.com. Please also review the BlackBerry Coordinated Vulnerability Disclosure Policy located here.
Before you report a security vulnerability, please review the following items.
A security vulnerability can be generally defined as a flaw in software code that would allow a malicious user to gain access to information or capabilities that they should not have access to. Many problems that appear to be security-related are not actually caused by a vulnerability in a supported BlackBerry product.
You can find answers to common scenarios through the following self-service options. If you find the answer here, you don’t need to submit a security issue.
Depending on which BlackBerry product you are experiencing issues with and its support status, additional self-service or full-service support options may be available. Please access the BlackBerry contact catalog and select the Technical Support Inquiry Type, and then the most appropriate option from the Product/Inquiry Group (e.g., Enterprise, Smartphones, IoT, etc.). Complete the form to determine the available self- and full-service options.
BlackBerry takes all vulnerability reports seriously and investigates each one individually. However, to fully investigate your report, we need complete details and a Proof of Concept (PoC) for the vulnerability:
- the name, version and configuration details of the affected BlackBerry product or BlackBerry-owned website
- a complete and clear description of the vulnerability and the environment with which it was discovered
- detailed steps to reproduce the vulnerability
- screenshots or video to demonstrate POC
If you have read the checklist above and have a security vulnerability to report to BlackBerry, please contact BBPSIRT via firstname.lastname@example.org. Researchers can choose to report their vulnerability through a secure channel using our PGP public key when emailing or can request access to a BlackBerry Workspaces location.
Security researchers who wish to submit a vulnerability in a BlackBerry QNX product or service can also report an issue here – learn more.
Please ensure that your report contains the following information:
- The BlackBerry product or service that you are reporting a vulnerability against, including version information for products
- A description of the vulnerability, including steps to reproduce
- A screenshot or video POC of the vulnerability