Welcome to Blue dot's Trust Center.
Blue dot is a Software as a Service provider offering tax reclamation and compliance services in a modern world where employees are empowered to incur expenses on behalf of the company.
Use this Trust Center to learn about our security posture and request access to our security documentation.
We have updated our Security Whitepaper. You can download it in the documents section.
AI Policy updated, adding data flow diagrams and the process for using LLM/GenAI models.
AI Policy updated, adding clarity on fairness and avoiding bias.
Blue dot has updated the Information Security Policy, and the Architecture and Privacy whitepapers to include the AI policy. Please review them in our Documents section.
Blue dot has published the AI policy and posture. Please find it here: https://trust.bluedotcorp.com/?itemName=ai&source=click
Blue dot completed a Business Continuity Test and a Disaster Recovery Test as separate test instances within the period April - June 2024.
- Business Continuity tabletop test with a scenario of a major outage at one location of the company, testing communication channels and the ability to reach the teams, communicate and make decisions.
- Disaster Recovery technical test of loss of the primary database and loss of communication to the analytics databases (Snowflake), including a backup restore test.
A subsequent vulnerability, CVE-2024-6409, similar to regreSSHion, was reported impacting OpenSSH versions 8.7 and 8.8, including certain downstream patches like openssh-7.6p1-audit.patch in Red Hat's package.
We have reviewed and confirmed that the Blue dot platform is not vulnerable to CVE-2024-6409.
On July 1, 2024, the Qualys Threat Research Unit (TRU) reported a vulnerability, CVE-2024-6387.
Blue dot has performed a review of its infrastructure to check for possible exposure of Blue dot's infrastructure and services.
Current status
We would like to inform you that Blue dot is not impacted by CVE-2024-6387.
- We are using AWS-based services for SFTP transfer and we have confirmed that AWS services aren't affected.
- We have performed a review of our infrastructure and have not identified a service exposing a vulnerable OpenSSH version.
Next steps
- We are continuing to monitor our infrastructure and will update this notification if any changes are detected.
The external penetration test of our platform for 2024 is completed. The external penetration test summary report is available after signing an NDA.
Please contact us for more details: https://www.bluedotcorp.com/company/contact-us/
If you think you may have discovered a vulnerability, please send us a note.