Dive Brief:
- The Massachusetts Institute of Technology announced last week that it will experiment with offering its own bug bounty program, making it one of the first U.S. colleges to do so, according to Threat Post.
- The program will reward hackers who find vulnerabilities on MIT’s sites and "responsibly" disclose them to the school.
- Several internal domains will be part of the program, including the school’s administrative-systems hub and its course management system.
Dive Insight:
The program is open only to accredited MIT affiliates, including university undergrads and graduate students. Students who responsibly disclose bugs will receive rewards, the university said.
Attacks on universities have been on the upswing because hackers can gain access to lots of personal data in one place, and universities historically have not had strong security measures in place. Last August, Rutgers cited growing cybersecurity costs as one of the reasons why it raised tuition and fees 2.3% for the 2015-16 school year. Rutgers' computer network was disrupted four times during the 2014-2015 school year. Hackers have also targeted the University of Connecticut, Penn State's engineering school and UCLA in the past year.
Bug bounties have become commonplace in Silicon Valley, where companies such as Western Union, Tesla Motors and United Airlines have used them. Last month, the Pentagon announced its "Hack the Pentagon," program, the first-ever bug bounty program offered by the federal government. If the program is successful, MIT’s bug bounty program may set the stage for other colleges and universities to follow suit with their own contests.
