Coordinated disclosure of IT vulnerabilities

Employees and students of UGent, as well as third parties external to UGent, are allowed to actively detect vulnerabilities in the security of UGent's ICT infrastructure, insofar as this is done in accordance with the policy set out in this regard.


Policy

The document "Ghent University coordinated IT vulnerability disclosure policy" contains the policy as approved by the Executive Council on 8 July 2022.


Scope

The following systems and websites are excluded for vulnerability assessment:

Actively searching for vulnerabilities in information systems not within the scope of this policy is unauthorised and may lead to sanctions and/or legal prosecution..


Notification procedure

Vulnerabilities can be reported via DICT HelpMe.

When reporting a vulnerability, please confirm that you have read this Coordinated Vulnerability Disclosure Policy and are working in accordance with its provisions. Make sure you can be contacted yourself.

Information you must provide when reporting a vulnerability includes:

Please also provide details of any UGent confidential or personal data you may have had access to.


Rewards

There are currently no rewards or bug bounties provided. If you wish, you can get a mention on this website.