At Blackstone, we are committed to maintaining the security of our platforms and systems as well as safeguarding information entrusted to us, including personal information of investors, employees, and other third parties.
Blackstone has created this Responsible Vulnerability Disclosure Program (“Program”) because we understand that security researchers can contribute to our efforts in maintaining a safe environment. Accordingly, we encourage submissions in accordance with this Program.
If you believe you have discovered a security vulnerability in one of the applications or systems under a Blackstone owned domain, please report it to our cybersecurity team at [email protected] with the subject line “Responsible Vulnerability Disclosure”. Please include 1-2 sentences describing the potential vulnerability and detailed steps to reproduce it along with any additional information to help our team understand and address the vulnerability effectively. All submissions must be sent by encrypted means, so please ensure you have enabled encryption in your email preferences. The Blackstone cybersecurity team will acknowledge receipt of all properly submitted initial submissions within two business days.
Blackstone does not offer rewards or compensation to individuals who submit potential vulnerabilities.
Responsible Vulnerability Disclosure
Program requirements
Security researchers participating in this Program are prohibited from engaging in unauthorized activities, including but not limited to:
- Attacking or attempting to gain unauthorized access to Blackstone’s applications, systems, or information, including in violation of applicable law;
- Downloading, copying, disclosing, or using any of Blackstone’s proprietary, confidential, or personal information; and
- Disrupting the operations of Blackstone’s applications or systems.
In addition, the following requirements apply to any security researcher participating in this Program:
- You must refrain from disclosing any information related to your findings to any third party or the public, unless you obtain Blackstone’s prior written consent.
- You agree that any and all information acquired, accessed, or otherwise processed by you is confidential to Blackstone and shall be held in the strictest of confidence.
- You must comply with all applicable federal, state, and local laws.
- If you encounter the personal information of any employee, investor, or third party related to Blackstone, you must immediately stop your research, permanently and irreversibly delete the information from your system, IT resources, or other assets, and contact [email protected].
- You consent to Blackstone collecting, using, disclosing, or otherwise processing any personal information you provide to Blackstone as part of your submission.
- You must not be an employee or contractor of Blackstone.
You grant Blackstone all rights to your submission needed to validate or mitigate the vulnerability in Blackstone’s sole discretion.
Blackstone reserves all legal rights with respect to any of the activities described in this Program.
By submitting a potential vulnerability to Blackstone, you are indicating that you have read, understand, and agree to the requirements set out above.