Secure Your Organization

The BlackBerry Security Incident Response Team (SIRT) works to make BlackBerry® one of the most secure mobile platforms available. The BlackBerry SIRT builds collaborative relationships across the industry, monitors the security threat landscape and responds rapidly to emerging incidents to provide customers with the guidance and tools they need to protect their systems and devices.

Latest News

OSS Security Maturity Webinar

In August, Jake Kouns of Risk Based Security, joined Christine Gadsby, the head of BBSIRT, to present a webcast of their Black Hat 2016 talk, analyzing the real risk of using Open Source Software and the best way to manage its use within your organization.

Watch the webcast's recording at BrightTalk.
See details of OSS management services available from BlackBerry’s Cyber Security consultants on our website.

New Security Notice RSS Feed

Due to recent changes to the BlackBerry Public Knowledge Base, previously configured RSS feeds will no longer return new knowledgebase articles. This includes Security Advisories and Security Notices. To continue receiving updates, you will need to subscribe to the new RSS feeds.

Please visit http://support.blackberry.com to subscribe to the Security Advisories and Security Notices RSS feed.

BlackBerry Releases Privacy Guidance for Third-Party App Developers

To discourage privacy-infringing apps, BlackBerry Security Incident Response Team released new privacy guidance for BlackBerry® World™ app developers that helps clarify what BlackBerry considers personal information and provides general guidance on how it should be protected.

Advisories & Notices

BlackBerry is committed to improving the security of its products and strives to identify and remove vulnerabilities before the product is released to market. However, software vulnerabilities remain a fact of life and the BlackBerry Security Incident Response Team (SIRT) is prepared to advise you about risks to you and the availability of software fixes.

  • About Advisories, Bulletins and Notices

    In addition to monitoring the threat landscape, the BlackBerry Security Incident Response Team (BBSIRT) issues security, privacy, and malware notices, as well as security advisories and bulletins to communicate important updates to customers and the industry. These communication vehicles are further examples of the steps BlackBerry takes to ensure customers are both informed and protected.

    • Security Advisory

      BlackBerry issues security advisories to inform customers about the availability of a software update for a supported BlackBerry product to address a confirmed vulnerability. Unlike a security notice (described below), which aims to inform customers of a vulnerability, a security advisory includes information on the security issue as well as the software update that addresses the vulnerability.

      Customers can expect the advisory to include technical details regarding the vulnerability, mitigations, workarounds and authoritative guidance to reduce their risk. BBSIRT releases security advisories on the second Tuesday of the month, in alignment with current industry practice. However, if there is imminent risk to customers, we will release a security advisory sooner to help ensure customers are protected. 

    • Security Notice

      BlackBerry issues security notices when appropriate to inform customers about high-visibility software vulnerabilities that BlackBerry is investigating and has determined to impact supported BlackBerry products, and is working to address for supported BlackBerry products.

      Customers can expect security notices to provide mitigations, workarounds, and authoritative guidance to reduce any potential risk. We do not follow a set schedule for issuing security notices, but rather release these notifications as needed to provide customers with information on how best to secure their products.

    • Security Bulletin

      BlackBerry issues security bulletins to notify users of its BlackBerry powered by Android smartphones about available security fixes in its monthly Security Maintenance Release update. The bulletin is in response to the monthly Android Security Bulletin and addresses issues in that bulletin that affect BlackBerry powered by Android smartphones.

      Customers can expect security bulletins to provide a complete list of security vulnerabilities fixed in the monthly Security Maintenance Release. BBSIRT regularly releases security bulletins on the first Monday of the month. 

    • Privacy notice

      BlackBerry issues privacy notices to inform customers about third-party applications that do not clearly or adequately inform customers of how the app is accessing and possibly using their data. While such apps do not typically appear to have to have malicious objectives or aim to mislead customers, we want to provide customers with information regarding an app’s behavior in order for them to make an informed decision about whether to continue using the app.

      Customers can expect privacy notices to include information about the application’s behavior, and how to remove it, if the customer determines that is the best course of action. We release privacy notices as needed on the third Tuesday of the month in order to provide customers with a predictable schedule for receiving information. 

    • Malware Notice

      BlackBerry issues malware notices to inform customers about third-party applications that contain code developed with malicious intent.

      Customers can expect malware notices to provide them with details about the malware’s behavior, potential mitigations and guidance on how to remove it from their device. Similar to security notices, malware notices are released as needed to inform and protect customers, and there is no set schedule.

      BlackBerry remains committed to providing customers a unique level of protection, especially as mobile devices are playing a greater role in their busy lives. By publicly releasing notices and security updates, we are providing customers with the tools and information that they need to help safeguard their BlackBerry products. Additionally, through this type of public disclosure, we are continuing to foster industry collaboration as we work to improve security for the mobile landscape overall. 

Security Updates

Helping to protect customers from security threats is the number one priority of the BlackBerry SIRT. This team provides security updates for publicly released, non-Beta BlackBerry products. The team also scores security issues using the Common Vulnerability Scoring System (CVSS), and those identified as severe are given the highest level of priority.

Before the release of a security update, BlackBerry build and test processes must first determine that the update is of the quality customers expect. The BlackBerry SIRT publishes security advisories and notices to inform you that updates or guidance are available, and provides the details you need to complete a tailored risk assessment.

Collaborations

An essential part of the daily work of the BlackBerry Security Incident Response Team (SIRT) includes collaborating with customers, partners, vendors, governments, academics and the security research community. Ongoing engagement helps BlackBerry deliver a unique level of security that customers depend upon.

Conference Hosting and Sponsorship

Meet the Team at Security Events Around the World

The BlackBerry SIRT sponsors numerous security conferences around the world every year. These events provide the team with an opportunity to continue to foster relationships with members of the security community as well as support the research that comes out of it. While BlackBerry invests heavily in internal security engineering, supporting and recognizing independent security research is crucial for the industry and BlackBerry® customers.

BlackBerry SIRT focuses on keeping an open dialogue with key groups throughout the mobile industry in order to ensure a continuous exchange of ideas, technology and techniques. By routinely working together, BlackBerry and its industry partners are advancing mobile technology and protecting customers from emerging security and privacy issues.

Acknowledgements

The BlackBerry SIRT thanks the following people and organizations for reporting security issues under the industry practice of coordinated disclosure and working with the team to protect BlackBerry customers.

Link CSS override