Monash University is committed to protecting the confidentiality, integrity and availability of its information and digital platforms. At Monash, we value and support the work undertaken by the security research community and appreciate it when researchers take the time to report potential security vulnerabilities to us. We are excited for you to participate as a security researcher to help us identify vulnerabilities in our technology systems. Good luck, and happy hunting!
Rules of engagement
All email addresses belonging to researchers should be your @bugcrowdninja.com.
Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our services.
Do not modify data that does not belong to you.
You’ll be testing production systems, Please be reasonable with the use of automated tools.
Tools that may result in a Denial Of Service (DoS) are prohibited.
Please be sure to check domain records to confirm Monash University ownership; Do not test assets not owned and controlled by Monash University.
Public Disclosure:
Monash University does not permit public disclosure at this point in time. Exceptions will be made if the Monash University Cyber Risk & Resilience Team believes it is in the best interest of the general public and these will typically be done via CVE publication. In this situation, we would reach out to the researcher to ask if they would like to be acknowledged and named in the CVE record.
Safe Harbor:
When conducting vulnerability research according to this policy, we consider this research to be:
Authorized in accordance with the Computer Fraud and Abuse Act (CFAA) (and/or similar state laws), and we will not initiate or support legal action against you for accidental, good faith violations of this policy;
Exempt from the Digital Millennium Copyright Act (DMCA), and we will not bring a claim against you for circumvention of technology controls;
Exempt from restrictions in our Terms & Conditions that would interfere with conducting security research, and we waive those restrictions on a limited basis for work done under this policy; and
Lawful, helpful to the overall security of the Internet, and conducted in good faith.
You are expected, as always, to comply with all applicable laws.
URL
https://www.monash.edu/cybersecurity/about/mon-csirt
Contact
https://bugcrowd.com/monash-mbb
Bounty
Yes
Additional Information
https://www.monash.edu/.well-known/security.txt
Monash University is committed to protecting the confidentiality, integrity and availability of its information and digital platforms. At Monash, we value and support the work undertaken by the security research community and appreciate it when researchers take the time to report potential security vulnerabilities to us. We are excited for you to participate as a security researcher to help us identify vulnerabilities in our technology systems. Good luck, and happy hunting! Rules of engagement
Public Disclosure:
Monash University does not permit public disclosure at this point in time. Exceptions will be made if the Monash University Cyber Risk & Resilience Team believes it is in the best interest of the general public and these will typically be done via CVE publication. In this situation, we would reach out to the researcher to ask if they would like to be acknowledged and named in the CVE record.
Safe Harbor:
When conducting vulnerability research according to this policy, we consider this research to be: