Bug Bounty Program
The Drexel Bug Bounty Program is an initiative created to encourage users to report bugs and cybersecurity vulnerabilities to our Information Security Team. Any participant who discovers a new bug and/or cybersecurity vulnerability in Drexel University's systems that is considered high risk will, if the submission is validated, receive a letter of recognition from our CISO and have their name added to the Hall of Fame. All internet-facing assets on the “*.drexel.edu” domain are in scope. This program promotes the importance of cybersecurity to interested participants within or outside of the Drexel community. Due to the number of submissions, we ask all security researchers to give our office 4 weeks to review, investigate, and verify the submission with the corresponding department before contacting us for an update.
Our team receives many submissions daily, some of which have been previously reported to us. If a submission is already being worked on, we will reach out to the security researcher to let them know. If a submission is a duplicate of a past submission, the security researcher will not receive recognition for that specific submission. However, security researchers are encouraged to continue searching for other vulnerabilities. Keep in mind that many common vulnerabilities are already being worked on, so think outside the box!
The United States Department of Justice has announced a revision of its policy on charging violations of the Computer Fraud and Abuse Act (CFAA) that addresses good-faith security research. For more information, visit the Department of Justice website.
Note: As of February 2023, Drexel’s Bug Bounty program will no longer accept/credit bug submissions related to Cross-Site Scripting (XSS) and Clickjacking vulnerabilities.
Below are the enforced commandments for participating in the Bug Bounty Program:
Drexel's Bug Bounty Commandments
- Thou shalt report bugs and/or cybersecurity issues in Drexel University systems by completing this form.
- Thou shalt receive the gratitude and the recognition of the University if the submission has not been reported to the team before.
- Thou shalt hack ethically.
- Thou shalt not share confidential information.
- Thou shalt not engage in illegal actions.
- Thou shalt not employ social engineering.
Any questions? Contact us at InformationSecurity@drexel.edu