Instructure Trust Center
Application Security
Instructure has a software development lifecycle (SDLC) that incorporates secure coding practices and controls.
Application Security
Secure Development
All code goes through a developer peer-review process before it is merged into the code base repository. The code review includes security auditing based on the Open Web Application Security Project (OWASP) secure coding and code review documents (including the OWASP Top Ten) and other community sources on best security practices.
Security Testing
We place great importance on security testing. We want our code to run as smoothly as possible for our customers, and that's why we take extreme care to implement both preventative and detective mechanisms throughout the SDLC, with an integrated QA process to the design, development, and maintenance of our products. The bottom line for our customers: all code changes run through our full QA test suite before they can be accepted into the relevant product to ensure secure code, consistent performance, and a great all-round experience.
Security Researcher Community Participation
Our Ongoing Bounty Program is a supplemental program to application assessments and/or penetration testing. The program is run by Bugcrowd, who leverage a crowd of security researchers. This increases the probability of discovering esoteric issues that automated testing cannot find and that traditional vulnerability assessments may miss in any given testing period.
For anyone interested in joining our bug bounty program as a security researcher, please contact security@instructure.com with your Bugcrowd username and we will be pleased to add you to the research team.
Get the Support You Need