Monash University in Melbourne, Australia, has launched a public bug bounty program to help maintain the security of its digital platforms.
The new program, which is being hosted on the Bugcrowd platform, will reward security researchers up to $2,500 for valid vulnerabilities.
In-scope targets include the main Monash University web domain and mobile apps, along with various technologies used by the institution, including its VPN and FileShare instances.
Cross-site scripting (XSS), DNS configuration issues, and low-impact cross-site request forgery (CSRF) issues are all out of scope.
‘Final maturity step’
Established in 1958, Monash is home to several major research facilities and is consistently ranked in the world’s top 100 universities.
According to Dan Maslin, Monash University’s CISO, the move marks the “final maturity step” in the university’s multi-year journey.
“The program reflects Monash University’s commitment to protecting the confidentiality, integrity, and availability of its information and digital platforms,” Maslin said.
“We value and support the work undertaken by the cybersecurity research community and appreciate it when researchers take the time to report potential security vulnerabilities to us – we welcome submissions from cybersecurity researchers globally.”
Education threat
Universities and other education establishments around the world have witnessed dozens of cyber-attacks over recent months, with ransomware being a particular cause for concern.
In May, the Chicago Public School system warned parents that the personal records of more than 495,000 children may have been exposed as the result of a ransomware attack on a third-party supplier.
In eastern Europe, at least 30 Ukrainian university websites were hacked in a targeted attack thought to have been in support of Russia’s ongoing invasion of the country.
And in 2020, Melbourne Polytechnic in Australia announced that a data breach had impacted the personal data of around 90,000 staff, students, and suppliers.
Source: https://portswigger.net/daily-swig/australias-monash-university-launches-public-bug-bounty-program