Security Policy

regarding discovery and reporting of vulnerabilities

Possible Awards

As a public facility we can not grant bounty payments.

Given their consent we will be providing public credit and acknowledgements to the researchers

in our Hall of Fame for first reports of previously unknown vulnerabilities presenting a real risk.
 

Testing Requirements

During testing avoid disrupting our systems or destroying data - i.e. don't involve DoS attacks.

If a vulnerability provides unintended access to data, cease testing and submit a report immediately -

especially if You encounter Personally Identifiable Information (PII), any data owned by our staff or students

or any proprietary information.

Don't violate the privacy of others - don't disclose private information publicly.