MIT Security - Alpha Phase of Bug Bounty Program in April 2016

Editorial_Staff_Team's picture

MIT Security - Alpha Phase of Bug Bounty Program in April 2016

In april 2016 the well known MIT EDU started a new official bug bounty program. The MIT Bug Bounty program is an experimental program aiming to improve MIT's online security and foster a community for students to research and test the limits of cyber security in a responsible fashion.

In- Scope Domains

In-Scope Vulnerabilities

  • Remote Code Execution (RCE)
  • SQL Injection
  • Authorization bypass / escalation
  • Information Leaks
  • Cross Site Scripting (XSS)
  • Cross Site Request Forgery (CSRF)

Out-of-Scope Vulnerabilities

  • Any bug that does not pose a real or demonstrable security risk
  • Denial Of Service Attacks (DOS)
  • Social Engineering
  • Physical exploits of our servers or network
  • Local network-based exploits such as DNS poisoning or ARP spoofing

The program runs actually in an alpha-testing mode without commercial rewards. In the alpha version the researchers must to request a kerberos account to submit a security ticket. During the next months the program will change to a commercial oriented model to reward security researchers permanently. Feel free to register with the program or report your prepared issues by mail to the mit edu security team administrators.

Reference(s):

https://bounty.mit.edu/

Rate this article: 
Average: 2.8 (4 votes)

Add new comment

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.