Security

Birst takes a number of measures to ensure that the data managed by Birst is safe and secure. While we’re very confident in our technology, we recognize that no system can guarantee perfect data security. For that reason, we continue to innovate to ensure that our security measures are state of the art. We will also investigate any and all reported security issues concerning Birst’s services or software.

Responsible disclosure policy

To promote the discovery and reporting of vulnerabilities and increase data security, we request that you:

  • Share the security issue with us in detail. Please report concerns to security (at) birst (dot) com.
  • Issues must be associated with the Birst web application (https://login.bws.birst.com), not the Birst web sites (https://www.birst.com, http://info.birst.com) or the Birst email configuration.
  • Give us a reasonable time to respond to the issue before making any information about it public.
  • Do not access or modify user data without permission of the account owner.
  • Act in good faith not to degrade the performance of our services (including denial of service).
  • Stop at the issue, do not use it to further exploit the service.
  • Please do not send reports for items that you can find via Nmap, Nessus, Qualys SSL Labs Server Test, or other automated scanning tools.  We regularly use these tools and know about the issues found via these tools.

We will not sue you or ask law enforcement to investigate you for activities that comply with this policy.

We’ll fully credit the first person whose report leads to the improvement of Birst security. A list of those who have contributed reports leading to a security issue will be added to this page.

To learn more about Birst security, download our white paper.

Acknowledgements

We would like to thank the following people for responsibly disclosing security issues in the Birst website or web application:

  • Rodolfo Godalle, Jr.
  • Evan Ricafort <evan.ricafort at gmail dot com>
  • Shahmeer Baloch <shahmeerbond at gmail dot com>
  • Justine Edic <jpwebdevelopmeent at yahoo dot com>
  • Rafael Pablos
  • Kalpesh Makwana
  • Manikandan Rajakumar <mani22test at gmail dot com>
  • Nitin Goplani <nitingoplani77 at gmail dot com>
  • Shivam Kumar Agarwal <agarwalshivamkumar at gmail dot com>
  • Rui Silva <dreamzztwp at gmail dot com>
  • S. Venkatesh
  • Karthik Reddy Chinnaganta <karthikreddy186 at gmail dot com>
  • Sumit Sahoo
  • Nithish Varghese <nithish.varghese2011 at gmail dot com>
  • Cristian Joseph D. Legacion