Duke Bug Bounty Program
Develop a Bug Bounty Program to improve Duke's cybersecurity through Duke community engagement. A student team will work with the University IT Security Office to develop the program and reporting tools necessary to encourage and reward Duke students for reporting vulnerabilities in participating Duke web sites and applications. This includes establishing a submission process, identifying the tools and tests that are permissible to run, developing a program website, and defining which domains and vulnerabilities are in scope and out of scope for testing the program.
The Duke Bug Bounty program is designed to both improve Duke’s online defense and introduce students to cybersecurity. Through an innovative arcade-game aesthetic and detailed walkthrough of security testing, this user-friendly program clearly defines the tools and scopes with which participants may engage. Bounty hunters have the opportunity to perform penetration testing, sharpen their professional and technical skills, and receive rewards, should they uncover vulnerabilities to Duke systems.
View the team's final presentation on YouTube.