Duke Bug Bounty Program


Year: 2020

Develop a  Bug Bounty  Program to improve Duke's cybersecurity through Duke community engagement. A student team will work with the University IT Security Office to develop the  program and reporting tools necessary to encourage and reward Duke students for reporting vulnerabilities  in participating Duke web sites and applications. This includes establishing a submission process, identifying the tools and tests that are permissible to run, developing a program website, and defining which domains and vulnerabilities are in scope and out of scope for testing the program. 

Duke stakeholders: IT Security Office, Office of Information Technology

Final Solution

The Duke Bug Bounty program is designed to both improve Duke’s online defense and introduce students to cybersecurity. Through an innovative arcade-game aesthetic and detailed walkthrough of security testing, this user-friendly program clearly defines the tools and scopes with which participants may engage. Bounty hunters have the opportunity to perform penetration testing, sharpen their professional and technical skills, and receive rewards, should they uncover vulnerabilities to Duke systems.

View the team's final presentation on YouTube.