As thanks for helping keep the community safe, we are offering rewards in TechCASH for the responsible disclosure of severe vulnerabilities.
Top contributors to the program may be allowed to keep their kerberos accounts after graduation as thanks for their contribution to the MIT community.
The program has the following Rules and Restrictions:
- In order to take part in this program, you must be an MIT affiliate with valid certificates. If you are not eligible for the bounty program, you may still submit reports to our old reporting system here.
- Do not attempt to read, write, or access any private data you gain access to.
- Do not publicly disclose any vulnerabilities before they have been completely resolved.
- Do not perform any tests that will disrupt services, or impair students’ abiltiies to use them.
- Do not use noisy automated scanners.
- All testing must fall within the scopes and domains listed in the section below.
Read more: https://bounty.mit.edu/#rules