Skip to content

add new program: {Monash University} #443

New issue
New issue
Closed
Closed
add new program: {Monash University}#443
@nohattraveller

Description

@nohattraveller
nohattraveller
opened on Jul 16, 2024

URL

https://www.monash.edu/cybersecurity/about/mon-csirt

Contact

https://bugcrowd.com/monash-mbb

Bounty

Yes

Additional Information

https://www.monash.edu/.well-known/security.txt

Monash University is committed to protecting the confidentiality, integrity and availability of its information and digital platforms. At Monash, we value and support the work undertaken by the security research community and appreciate it when researchers take the time to report potential security vulnerabilities to us. We are excited for you to participate as a security researcher to help us identify vulnerabilities in our technology systems. Good luck, and happy hunting!
Rules of engagement

All email addresses belonging to researchers should be your @bugcrowdninja.com.
Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our services.
Do not modify data that does not belong to you.
You’ll be testing production systems, Please be reasonable with the use of automated tools.
Tools that may result in a Denial Of Service (DoS) are prohibited.
Please be sure to check domain records to confirm Monash University ownership; Do not test assets not owned and controlled by Monash University.

Public Disclosure:

Monash University does not permit public disclosure at this point in time. Exceptions will be made if the Monash University Cyber Risk & Resilience Team believes it is in the best interest of the general public and these will typically be done via CVE publication. In this situation, we would reach out to the researcher to ask if they would like to be acknowledged and named in the CVE record.

##Safe Harbor:

When conducting vulnerability research according to this policy, we consider this research to be:

  • Authorized in accordance with the Computer Fraud and Abuse Act (CFAA) (and/or similar state laws), and we will not initiate or support legal action against you for accidental, good faith violations of this policy;
  • Exempt from the Digital Millennium Copyright Act (DMCA), and we will not bring a claim against you for circumvention of technology controls;
  • Exempt from restrictions in our Terms & Conditions that would interfere with conducting security research, and we waive those restrictions on a limited basis for work done under this policy; and
  • Lawful, helpful to the overall security of the Internet, and conducted in good faith.
  • You are expected, as always, to comply with all applicable laws.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions