hack-your-university
hack-your-university copied to clipboard
EdOverflow
A list of universities with vulnerability disclosure policies
Can you hack your university?
Vulnerability disclosure policies and bug bounty programs are becoming standard across companies and governments. Universities are slower to adopt, and they's many documented cases of schools punishing students for unauthorized access to systems.
This is a list of universities that have bug bounty programs or vulnerability disclosure policies. Please reach out if your school has a program that I've missed, or if you would like help starting a bug bounty program at your school!
Note: This list is not an invitation to hack any of the listed universities. Ensure that you comply with all listed terms of a university's bug bounty program. Most are restricted to students of the university.
| School | Type | Rewards | Link | Notes |
|---|---|---|---|---|
| Stanford | Bug Bounty | $50-$1000 | https://bounty.stanford.edu | |
| MIT | Bug Bounty | TechCASH | https://bounty.mit.edu | May no longer be active |
| Penn State | Bug Bounty | LionCash | https://news.psu.edu/story/468788/2017/05/18/academics/blue-and-white-hats-penn-state-launches-bug-bounty-program | Invitation only, may no longer be active |
| Drexel | Bug Bounty | None | https://drexel.edu/it/security/services-processes/bug-bounty/ | |
| Duke | VDP | None | https://security.duke.edu/policies/responsible-disclosure | Permission required |
| Georgia Tech | VDP | None | https://policylibrary.gatech.edu/information-technology/responsible-disclosure-policy | Permission required |
| Seton Hall | VDP | None | https://www.shu.edu/web/disclosure-guidelines.cfm | |
| George Mason University SRCT | VDP | None | https://srct.gmu.edu/documents/usage_policy/ | Only certain projects |
| Fontys University | VDP | None | https://fontys.edu/About-us/Who-we-are/Rules-regulations/Responsible-disclosure.htm | |
| Erasmus University Rotterdam | VDP | None | https://www.eur.nl/en/campus/security-safety/information-security/responsible-disclosure | |
| Leiden University | VDP | None | https://www.staff.universiteitleiden.nl/binaries/content/assets/ul2staff/ict/responsible-disclosure-eng.pdf | |
| University of Twente | VDP | None | https://www.utwente.nl/en/cyber-safety/responsible/ | |
| Hogeschool Rotterdam | VDP | None | https://www.rotterdamuas.com/footer/security/ | |
| Vrije Universiteit Amsterdam | VDP | None | https://www.vu.nl/en/about-vu-amsterdam/contact-info-and-route/departments/security-operations-control-center/disclosure/index.aspx | |
| Tilburg University | VDP | None | https://www.cert.uvt.nl/general/responsibledisclosure | |
| University of Waterloo | VDP | None | https://soc.uwaterloo.ca/security.txt | |
| University of Education Zurich | VDP | None | https://phzh.ch/.well-known/security.txt | |
| Karlsruhe Institute of Technology | VDP | None | https://www.kit.edu/.well-known/security.txt | |
| Embry–Riddle Aeronautical University | VDP | None | https://erau.edu/.well-known/security.txt | |
| Lyon College | VDP | None | https://www.lyon.edu/.well-known/security.txt |
Metadata
Owner
EdOverflow
Metadata
A list of universities with vulnerability disclosure policies