Skip to main content
Blackboard Help


If you are a Managed Hosting customer, this topic doesn't apply to you.

Blackboard strives to be vigilant at building security into its products and providing prompt and carefully tested product updates. Customers can have confidence that Blackboard is following industry-accepted security practices. Blackboard develops Blackboard Learn™ according to a set of security engineering guidelines derived from many organizations such as the Open Web Application Security Project (OWASP), including specific countermeasures for OWASP Top Ten vulnerabilities. Blackboard incorporates these security practices in all phases of the software development lifecycle (SDLC).

Blackboard utilizes several methods to protect our applications including "top-down" security assessments through Threat Modeling and analysis as well as "bottom-up" code-level threat detection through static analysis, dynamic analysis, and manual penetration testing.

Blackboard follows best practice guidance from many organizations to help strengthen the security of Blackboard Learn's product and program. A few organizations are noted here:

  • National Institute of Standards and Technology (NIST)
  • European Network and Information Security Agency (ENISA)
  • SANS Institute
  • Open Web Application Security Project (OWASP)
  • Cloud Security Alliance (CSA)

Security threats and countermeasures surrounding Learning Management Systems are ever-changing. Thus, Blackboard regularly assesses its Product Security Roadmap. In the past year (2012), customers should have been able to feel a strong security presence and see demonstrable results. Customers can feel a presence of security on Behind the Blackboard with our detailed security advisories and patches, the EU Cookie Disclosure Building Block, downloadable Security Webinars, and a dedicated channel to report security issues,

New in Blackboard Learn, Release 9.1 Service Pack 12

A new standardized security log. Industry accepted user password storage that uses the salted SHA-512 standard for institutions that use the internal authenticator.