
Bug Bounty Program

The Drexel Bug Bounty Program is an initiative created to encourage users to report bugs and cybersecurity vulnerabilities to our Information Security Team. Any participant who discovers a new bug and/or cybersecurity vulnerability in Drexel University's systems that is considered high risk will, if the submission is validated, receive a letter of recognition from our CISO and have their name added to the list of successful Bug Bounty Hunters. This program promotes the importance of cybersecurity to interested participants within or outside of the Drexel community. Due to the number of submissions, we ask all Bug Bounty Hunters to give our office 4 weeks to review, investigate, and verify the submission with the corresponding department before contacting us for an update.

Our team receives many submissions daily, some of which have been previously reported to us. If a submission is already being worked on, we will reach out to the Bug Bounty Hunter to let them know. If a submission is a duplicate of a past submission, the Bug Bounty Hunter will not receive recognition for that specific submission. However, Bug Bounty Hunters are encouraged to continue searching for other vulnerabilities. Keep in mind that many common vulnerabilities are already being worked on, so think outside the box! 

The United States Department of Justice has announced a revision of its policy regarding charging violations of the Computer Fraud and Abuse Act (CFAA) that addresses good-faith security research. For more information, visit the Department of Justice website.

Note: As of February 2023, Drexel’s Bug Bounty program will no longer accept/credit bug submissions related to Cross-Site Scripting (XSS) and Clickjacking vulnerabilities. 

Below are the enforced commandments for participating in the Bug Bounty Program:

Drexel's Bug Bounty Commandments

  1. Thou shalt report bugs and/or cybersecurity issues in Drexel University systems to InformationSecurity@drexel.edu
  2. Thou shalt receive the gratitude and the recognition of the University if the submission has not been reported to the team before.
  3. Thou shalt hack ethically.
  4. Thou shalt not share confidential information.
  5. Thou shalt not engage in illegal actions.
  6. Thou shalt not employ social engineering.

Any questions? Contact us at InformationSecurity@drexel.edu