Vulnerability Disclosure

The University of Victoria is committed to maintaining the security of our systems.  As a research intensive university, we very much value the work of security researchers and of our community in helping achieve this goal.   We appreciate and encourage responsible reporting and disclosure of any security vulnerabilities that may impact the confidentiality, integrity, or availability of our systems. 

Reporting Procedure

If you do become aware of a vulnerability, we request that you inform us via email to infosec@uvic.ca so that we can take corrective action.  Please note:

  • Do not exploit a vulnerability in order to find other vulnerabilities
    • If you would to explore a vulnerability further, report it to us via email to infosec@uvic.ca and request permission to probe it further
  • Do not exfiltrate data in order to provide samples to us
  • We do not provide monetary rewards for finding vulnerabilities but will publically thank and acknowledge individuals upon request (see below)

Thank you in advance for your submission and report. We appreciate your assistance in our security efforts.

University Policy References

All UVic faculty, staff and students are reminded of their responsibilities outlined within the following policies:

  • Acceptable Use of Electronic Information Resources (IM7200)
  • Information Security Policy and related procedures (IM7800)
  • Protection of Privacy Policy and related procedures (IM7700)
  • Resolution of Non-Academic Misconduct Allegations (AC1300)

Acknowledgements

The University of Victoria would like to thank the following people for helping improve the security of our systems in a responsible manner:

  • Chandula Kodituwakku
  • Vivek Sharma