“The MIT Bug Bounty program is an experimental program aiming to improve MIT’s online security and foster a community for students to research and test the limits of cyber security in a responsible fashion,” read the website.

The bug bounty program is open to university affiliates with valid certifications, such as undergrads and graduate students. Participants who uncover vulnerabilities that fall within the in-scope domains are eligible for rewards. “As a thanks for helping keep the community safe, we are offering rewards in TechCASH for the responsible disclosure of severe vulnerabilities,” the website added. Students and staff may use TechCASH to purchase goods and services across campus. In addition, top contributors to the program will also have an opportunity to keep their Kerberos accounts following graduation.

The MIT Bug Bounty website stated the university is particularly interested in the following types of vulnerability submissions:
- Remote Code Execution (RCE)
- SQL Injection
- Authorization bypass/escalation
- Information leaks
- Cross Site Scripting (XSS)
- Cross Site Request Forgery (CSRF)