Safeguarding our customers’ security and privacy will always be a top priority for BlackBerry. With the capabilities of attackers and mobile threats continuously evolving and increasing, BlackBerry has a 24/7 response team dedicated to identifying and addressing security and privacy issues. As one of the only companies in the mobile industry to have a dedicated incident response team, BlackBerry is able to better protect customers from emerging mobile threats.
In addition to monitoring the threat landscape 24/7, the BlackBerry Security Incident Response Team (BBSIRT) issues security, privacy, and malware notices, as well as security advisories to communicate important updates to customers and the industry. The notifications and advisories are further examples of the steps BlackBerry takes to ensure customers are both informed and protected.
BlackBerry issues security advisories to inform customers about the availability of a software update to address a confirmed vulnerability. Unlike a security notice (described below), which aims to inform customers of a vulnerability, a security advisory includes information on the security issue as well as the software update that addresses the vulnerability.
Customers can expect the advisory to include technical details regarding the vulnerability, mitigations, workarounds and authoritative guidance to reduce their risk. BBSIRT regularly releases security advisories on the second Tuesday of each month, however, if there is imminent risk to customers, we will release a security advisory sooner to help ensure customers are protected.
BlackBerry issues security notices to inform customers about identified software vulnerabilities that we are either working to address, or that we do not believe warrant a specific software update, given the low risk and severity.
Customers can expect security notices to provide mitigations, workarounds, and authoritative guidance to reduce any potential risk. We do not follow a set schedule for issuing security notices, but rather release these notifications as needed to provide customers with information on how to best secure their device.
BlackBerry issues privacy notices to inform customers about third-party applications that do not clearly or adequately inform customers of how the app is accessing and possibly using their data. While such apps do not typically appear to have to have malicious objectives or aim to mislead customers, we want to provide customers with information regarding an app’s behavior in order for them to make an informed decision about whether to continue using the app.
Customers can expect privacy notices to include information about the application’s behavior, and how to remove it, if the customer determines that is the best course of action. We release privacy notices every third Tuesday of the month in order to provide customers with a regular schedule for receiving information.
BlackBerry issues malware notices to inform customers about third-party applications that contain code developed with malicious intent.
Customers can expect malware notices to provide them with details about the malware’s behavior, potential mitigations and guidance on how to remove it from their device. Similar to security notices, malware notices are released as needed to inform and protect customers, and there is no set schedule.
Customers can find these updates on the BBSIRT website at www.blackberry.com/bbsirt. In addition, BBSIRT also provides updates on its Twitter handle, which is @BBSIRT. Customers may also sign up to receive RSS feeds for the notices and advisories referenced in this blog by visiting the BBSIRT website.
BlackBerry remains committed to providing customers a unique level of protection, especially as mobile devices are playing a greater role in their busy lives. By publicly releasing notices and security updates, we are providing customers with the tools and information that they need to help safeguard their BlackBerry products. Additionally, through this type of public disclosure we are continuing to foster industry collaboration as we work to improve security for the mobile landscape overall.