Built with security in mind

Eduquery is committed to providing our clients with secure applications. Eduquery develops our products according to a set of security engineering guidelines derived from many organizations such as the Open Web Application Security Project (OWASP), including specific countermeasures for OWASP Top Ten vulnerabilities. Eduquery incorporates these security practices in all phases of the software development lifecycle (SDLC).

Eduquery follows best practice guidance from many organizations to help strengthen the security of our products and programs, including:

  • National Institute of Standards and Technology (NIST)
  • SANS Institute
  • Open Web Application Security Project (OWASP)
  • Center for Internet Security (CIS)

Vulnerability Management Commitment and Disclosure Policy

Eduquery's vulnerability management program is governed by this public-facing Vulnerability Management Commitment and Disclosure Policy. No software is perfect. In the event a security vulnerability is identified in a released product, Eduquery's Security Team is ready to respond.

Eduquery is committed to resolving security vulnerabilities carefully in accordance with the risk of the vulnerability. Such resolutions may lead to the release of a Security Advisory and/or any needed product update for our clients. In order to protect our clients and their data, we request that vulnerabilities be responsibly and confidentially reported to us so that we may investigate and respond.

Eduquery’s products are complex. They run on diverse hardware and software configurations and are connected to many third-party applications. All software modifications—big or small—require thorough analysis, as well as development and implementation across multiple product lines and versions. The software must also undergo localization, accessibility, and testing appropriate to its scope, complexity, and severity. Given the critical importance of our products to our clients, Eduquery must ensure that they run correctly not only in our testing facilities, but also in customer environments. Accordingly, Eduquery cannot commit to product updates on specific timelines, but we are committed to working expeditiously.

Malicious parties often exploit software vulnerabilities by reverse engineering published security advisories and product updates. It is important for clients to update software promptly and use our severity rating system as a guide to appropriately schedule upgrades.