Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add new program: {Monash University} #443

Open
nohattraveller opened this issue Jul 16, 2024 · 1 comment
Open

add new program: {Monash University} #443

nohattraveller opened this issue Jul 16, 2024 · 1 comment

Comments

@nohattraveller
Copy link

nohattraveller commented Jul 16, 2024

URL

https://www.monash.edu/cybersecurity/about/mon-csirt

Contact

https://bugcrowd.com/monash-mbb

Bounty

Yes

Additional Information

https://www.monash.edu/.well-known/security.txt

Monash University is committed to protecting the confidentiality, integrity and availability of its information and digital platforms. At Monash, we value and support the work undertaken by the security research community and appreciate it when researchers take the time to report potential security vulnerabilities to us. We are excited for you to participate as a security researcher to help us identify vulnerabilities in our technology systems. Good luck, and happy hunting!
Rules of engagement

All email addresses belonging to researchers should be your @bugcrowdninja.com.
Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our services.
Do not modify data that does not belong to you.
You’ll be testing production systems, Please be reasonable with the use of automated tools.
Tools that may result in a Denial Of Service (DoS) are prohibited.
Please be sure to check domain records to confirm Monash University ownership; Do not test assets not owned and controlled by Monash University.

Public Disclosure:

Monash University does not permit public disclosure at this point in time. Exceptions will be made if the Monash University Cyber Risk & Resilience Team believes it is in the best interest of the general public and these will typically be done via CVE publication. In this situation, we would reach out to the researcher to ask if they would like to be acknowledged and named in the CVE record.

##Safe Harbor:

When conducting vulnerability research according to this policy, we consider this research to be:

  • Authorized in accordance with the Computer Fraud and Abuse Act (CFAA) (and/or similar state laws), and we will not initiate or support legal action against you for accidental, good faith violations of this policy;
  • Exempt from the Digital Millennium Copyright Act (DMCA), and we will not bring a claim against you for circumvention of technology controls;
  • Exempt from restrictions in our Terms & Conditions that would interfere with conducting security research, and we waive those restrictions on a limited basis for work done under this policy; and
  • Lawful, helpful to the overall security of the Internet, and conducted in good faith.
  • You are expected, as always, to comply with all applicable laws.
@Emmanueltech
Copy link

Hi, I would like to work on this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants