MIT Security - Alpha Phase of Bug Bounty Program in April 2016

In April 2016, the well-known MIT EDU started a new official bug bounty program. The MIT Bug Bounty program is an experimental program aiming to improve MIT's online security and foster a community for students to research and test the limits of cyber security in a responsible fashion.

In-Scope Domains

In-Scope Vulnerabilities

  • Remote Code Execution (RCE)
  • SQL Injection
  • Authorization bypass / escalation
  • Information Leaks
  • Cross Site Scripting (XSS)
  • Cross Site Request Forgery (CSRF)

Out-of-Scope Vulnerabilities

  • Any bug that does not pose a real or demonstrable security risk
  • Denial Of Service Attacks (DOS)
  • Social Engineering
  • Physical exploits of our servers or network
  • Local network-based exploits such as DNS poisoning or ARP spoofing

The program currently runs in an alpha-testing mode without commercial rewards. In the alpha version, researchers must request a Kerberos account to submit a security ticket. Over the coming months, the program will change to a commercially oriented model to reward security researchers permanently. Feel free to register with the program or report your prepared issues by mail to the MIT EDU security team administrators.

