We value the work done by security researchers in helping to keep our systems secure through their efforts and we appreciate all responsible disclosure of vulnerabilities they identify. Unfortunately, as a public body and charitable institution, we cannot operate a bug bounty scheme and are therefore unable to offer any reward for disclosures made to us.
The University of Edinburgh is committed to maintaining and, where necessary, improving the security of our digital systems and services.
How to report a vulnerability
If you believe you have identified a security vulnerability within the University domain, please email Vulnerability.Reporting@ed.ac.uk and include as much detail as you can to allow us to identify and address the fault.
This article was published on