Want to uncover vulnerabilities in your IT system? Offer students 'bug bounties'

The stakes are high for cybersecurity in higher education: college email addresses are at high risk for cybertheft, and data breaches cost more in education than in other fields.

Contributing to this problem is the shortage of skilled cybersecurity workers. More than 75% of candidates applying for unfilled cybersecurity jobs are unqualified, according to a recent report. And by 2021, an estimated 3.5 million cybersecurity jobs will be left unfilled, another report predicts.

So Stanford University is offering students and employees rewards for detecting vulnerabilities in the university's software systems, reports Dian Schaffhauser for Campus Technology.

The "bug bounty" program rewards students and employees with Amazon gift cards ranging from $50 to $1,000, depending on the severity of the vulnerability uncovered. For instance, program participants receive higher rewards for uncovering "critical" problems, such as SQL injection or remote code execution, than they do for discovering "medium" problems, such as cross-site scripting or request forgeries.

Learn more: How colleges are training students for in-demand cybersecurity jobs

To ensure private data is not shared, program participants must comply with a set of rules, including avoiding checking a vulnerability beyond what is needed to "effectively demonstrate the presence of the problem." And if participants encounter private information, they must "cease testing and submit a report immediately."

The bug bounty program is still evolving, notes university spokesperson Brad Hayward. The pilot phase of the program began with "a very limited set of systems to gauge the response," and the university plans to gradually expand the program to include additional domains, Hayward explains.

To kick off the bug bounty program, Stanford invited students and employees to participate in a hackathon earlier this year. Participants submitted more than 20 reports, contributing to a payout totaling $5,000.

But Stanford isn't the only university where students contribute to detecting vulnerabilities. The Texas A&M University System hires students to work in its Security Operations Center—which not only trains these students for future jobs in cybersecurity, but also alleviates the effects of the cybersecurity labor shortage.

Texas A&M students work alongside professional staff and AI software to detect and contain the more than one million hacking attempts on the university system each month. And Texas A&M has no trouble filling these jobs. "We have never posted a job," says Daniel Basile, executive director of the Security Operations Center. "All of [the students] have heard about us through side channels" (Schaffhauser, Campus Technology, 2/26).


Next in Today's Briefing

The 20 colleges graduating the most women in STEM

Next Briefing

  • Manage Your Events
  • Saved webpages and searches
  • Manage your subscriptions
  • Update personal information
  • Invite a colleague