Blackboard strives to be vigilant at building security into its products and providing prompt and carefully tested product updates. Customers can have confidence that Blackboard is following industry-accepted security practices. Blackboard develops Blackboard Learn™ according to a set of security engineering guidelines derived from many organizations such as the Open Web Application Security Project (OWASP), including specific countermeasures for OWASP Top Ten vulnerabilities. Blackboard incorporates these security practices in all phases of the software development lifecycle (SDLC).
Blackboard utilizes several methods to protect our applications including "top-down" security assessments through Threat Modeling and analysis as well as "bottom-up" code-level threat detection through static analysis, dynamic analysis, and manual penetration testing.
Blackboard follows best practice guidance from many organizations to help strengthen the security of Blackboard Learn's product and program. A few organizations are noted here:
- National Institute of Standards and Technology (NIST)
- European Network and Information Security Agency (ENISA)
- SANS Institute
- Open Web Application Security Project (OWASP)
- Cloud Security Alliance (CSA)
Security threats and countermeasures surrounding Learning Management Systems are ever-changing. Thus, Blackboard regularly assesses its Product Security Roadmap. In the past year (2012), customers should have been able to feel a strong security presence and see demonstrable results. Customers can feel a presence of security on Behind the Blackboard with our detailed security advisories and patches, the EU Cookie Disclosure Building Block, downloadable Security Webinars, and a dedicated channel to report security issues, LearnSecurity@blackboard.com.