As a public facility we can not grant bounty payments.
Given their consent we will be providing public credit and acknowledgements to the researchers
in our Hall of Fame for first reports of previously unknown vulnerabilities presenting a real risk.
During testing avoid disrupting our systems or destroying data - i.e. don't involve DoS attacks.
If a vulnerability provides unintended access to data, cease testing and submit a report immediately -
especially if You encounter Personally Identifiable Information (PII), any data owned by our staff or students
or any proprietary information.
Don't violate the privacy of others - don't disclose private information publicly.