Security Vulnerabilities and Bug Bounties

University Statement on Security Vulnerability Reporting and Bug Bounties

Boise State University does not permit unauthorized analysis or testing of its systems for security vulnerabilities.

The Office of Information Technology (OIT) recognizes that third parties may become aware of security vulnerabilities in university systems and wish to report them. Reports may be made via email to security@boisestate.edu.

We appreciate good faith reporting of security vulnerabilities and the positive impact on our security posture that these reports can have; however, we do not have a bug bounty program and do not provide compensation or acknowledgment of security vulnerabilities reported.

Thank you for your understanding.