Trust Center

Start your security review
View & download sensitive information
Ask for information
Search items
ControlK

Welcome to Blue dot's Trust Center.

Blue dot is a Software as a Service provider offering services pertaining to tax reclamation and compliance in a modern world where employees are empowered to make expenses for the company.

Use this Trust Center to learn about our security posture and request access to our security documentation.

Documents

REPORTSSecurity Whitepaper
Trust Center Updates

Updating Security Whitepaper

ComplianceCopy link

We have updated our Security Whitepaper. You can download it in the documents section.

Published at N/A

Blue dot publishes the AI policy and practices

ComplianceCopy link

AI Policy updated, adding data flow diagrams and process of usage of LLM/GenAI models

Published at N/A

AI Policy updated, adding clarity for fairness and avoiding bias

Published at N/A

Blue dot has updated the Information Security Policy, and the Architecture and Privacy whitepapers to include the AI policy. Please review them in our Documents section.

Published at N/A

Blue dot has published the AI policy and posture. Please find it here https://trust.bluedotcorp.com/?itemName=ai&source=click

Published at N/A*

Completed Disaster Recovery Test and Business Continuity test cycle for 2024

ComplianceCopy link

Blue dot completed a Business Continuity Test and a Disaster Recovery Test as separate test instances within the period April - June 2024.

  • Business Continuity tabletop test with scenario of major outage of one location of the company, testing communication channels, ability to reach the teams, communicate and make decisions.
  • Disaster Recovery technical test of loss of primary database and loss of communication to analytics databases (Snowflake), with included restore of backup test.
Published at N/A

Blue dot status: regreSSHion CVE-2024-6387 OpenSSH vulnerability

VulnerabilitiesCopy link

A subsequent vulnerability CVE-2024-6409 - similar to regreSSHion was reported impacting OpenSSH versions 8.7 and 8.8, including certain downstream patches like openssh-7.6p1-audit.patch in Red Hat's package.

We have reviewed and confirmed that the Blue dot platform is not vulnerable to CVE-2024-6409

Published at N/A

On July 1, 2024, Qualys Threat Research Unit (TRU) research reported a vulnerability CVE-2024-6387

Blue dot has performed a review of its infrastructure to check for possibility of exposure to the infrastructure and services of Blue dot.

Current status

We would like to inform you that Blue dot is not impacted by the CVE-2024-6387.

  • We are using AWS based services for SFTP transfer and we have confirmed that AWS services aren’t affected.
  • We have performed a review of our infrastructure and have not identified a service exposing a vulnerable OpenSSH version.

Next steps

  • We are continuing to monitor our infrastructure and will update this notification if any changes are detected.
Published at N/A

External Penetration Test Completed

VulnerabilitiesCopy link

The external penetration test for 2024 of our platform is completed. The external penetration test summary report is available after signing NDA.

Please contact us for more details. https://www.bluedotcorp.com/company/contact-us/

Published at N/A

If you think you may have discovered a vulnerability, please send us a note.

Report Issue
Powered bySafeBase Logo