At Seton Hall University, we take the security of our users' data very seriously. We encourage those who have discovered potential security vulnerabilities in a Seton Hall service to disclose it to us in a responsible manner.
We will work with internal and external researchers as needed to validate and respond to vulnerabilities that are reported to us. We won't take legal action against or suspend or terminate your PirateNet account access provided you discover and report security vulnerabilities in accordance with this Responsible Disclosure Policy. Seton Hall reserves all of its legal rights in the event of any noncompliance.
Testing for Security Vulnerabilities
You may only test against an account or service for which you are the account owner or an agent authorized by the account owner to conduct such testing.
Seton Hall Prohibits the Following Types of Research:
- Accessing, or attempting to access, data that does not belong to you
- Executing, or attempting to execute, a denial of service attack
- Sending, or attempting to send, unsolicited or unauthorized email, spam or other forms of unsolicited messages
- Testing third party websites, applications or services that integrate with Seton Hall University
- Knowingly posting, transmitting, uploading, linking to, sending or storing any malware, viruses or similar harmful software
- Research conducted by minors, individuals on sanctions lists or individuals in countries on sanctions lists
Reporting Potential Vulnerabilities
Share the details of any suspected vulnerabilities with the Seton Hall University Web Team by completing the form below. Please do not publicly disclose these details without express written consent from Seton Hall University.
Seton Hall University does not compensate individuals or organizations for identifying potential or confirmed vulnerabilities. Requests for monetary compensation will be deemed in violation of these Responsible Disclosure Guidelines.
Seton Hall’s Commitment
To all security researchers who follow these Responsible Disclosure Guidelines, Seton Hall University promises to:
- Acknowledge receipt of your report in a timely manner
- Provide an estimated time frame for addressing the vulnerability (if one exists)
- Notify you when a reported, confirmed vulnerability is fixed
- Publicly acknowledge your responsible disclosure (upon request)