Skip to content
Permalink
Branch: master
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
26 lines (21 sloc) 4.58 KB

Can you hack your university?

Bug bounty programs are becoming standard across companies and governments. Universities are slower to adopt, and they's many documented cases of schools punishing students for unauthorized access to systems.

This is a list of universities that have bug bounty programs or vulnerability disclosure policies. Please reach out if your school has a program that I've missed, or if you would like help starting a bug bounty program at your school!

Note: This list is not an invitation to hack any of the listed universities. Ensure that you comply with all listed terms of a university's bug bounty program. Most are restricted to students of the university.

School Type Rewards Link Notes
Stanford Bug Bounty $50-$1000 https://bounty.stanford.edu
MIT Bug Bounty TechCASH https://bounty.mit.edu May no longer be active
Penn State Bug Bounty LionCash https://news.psu.edu/story/468788/2017/05/18/academics/blue-and-white-hats-penn-state-launches-bug-bounty-program Invitation only, may no longer be active
Drexel Bug Bounty None https://drexel.edu/it/security/services-processes/bug-bounty/
Duke VDP None https://security.duke.edu/policies/responsible-disclosure Permission required
Georgia Tech VDP None https://policylibrary.gatech.edu/information-technology/responsible-disclosure-policy Permission required
Seton Hall VDP None https://www.shu.edu/web/disclosure-guidelines.cfm
George Mason University SRCT VDP None https://srct.gmu.edu/documents/usage_policy/ Only certain projects
Fontys University VDP None https://fontys.edu/About-us/Who-we-are/Rules-regulations/Responsible-disclosure.htm
Erasmus University Rotterdam VDP None https://www.eur.nl/en/campus/security-safety/information-security/responsible-disclosure
Leiden University VDP None https://www.staff.universiteitleiden.nl/binaries/content/assets/ul2staff/ict/responsible-disclosure-eng.pdf
University of Twente VDP None https://www.utwente.nl/en/cyber-safety/responsible/
Hogeschool Rotterdam VDP None https://www.rotterdamuas.com/footer/security/
Vrije Universiteit Amsterdam VDP None https://www.vu.nl/en/about-vu-amsterdam/contact-info-and-route/departments/security-operations-control-center/disclosure/index.aspx
Tilburg University VDP None https://www.cert.uvt.nl/general/responsibledisclosure
You can’t perform that action at this time.