Monash University opens public bug bounty

(L-R) Bugcrowd CEO Ashish Gupta and Monash University CISO Dan Maslin (LinkedIn)

Websites, apps open to researchers.

Monash University has made its bug bounty public, two years after initiating an internal vulnerability disclosure program.

The move was announced by Bugcrowd and confirmed by Monash University CISO Dan Maslin in a LinkedIn post.

“As a final maturity step in a multi-year journey, this week at Monash University our bug bounty program became publicly joinable,” Maslin wrote.

“We value and support the work undertaken by the cyber security research community and appreciate it when researchers take the time to report potential security vulnerabilities to us - we welcome submissions from cyber security researchers globally.”

Offering up to $2500 for vulnerabilities, Monash University asks that researchers “be reasonable with the use of automated tools” (Origin Energy, whose bounty program went public earlier in the week, bans such tools outright).

While the program operated privately, the university said, it rewarded researchers for 27 vulnerabilities and attracted 75 members.

The university doesn’t plan routine disclosure of bugs researchers find, but said disclosure will be made “if the Monash University cyber risk and resilience team believes it is in the best interest of the general public.”

“These will typically be done via CVE publication,” it added.

The list of in-scope targets covers both websites and the university’s Android app. Since the app is geographically restricted, the bounty program warns researchers will probably need to present it with an Australian IP address.

As well as the university’s main website and its Android and iOS mobile sites, the targets include its assessment, identity and file sharing sites and its Cisco-based VPN, all of which use Okta as their sign-in mechanism.

Copyright © iTnews.com.au . All rights reserved.