The University of Pennsylvania does not permit unauthorized analysis or testing of its systems for security vulnerabilities.
Penn Office of Information Security (OIS) recognizes that third parties may become aware of security vulnerabilities in University systems and wish to report them. Reports may be made via email to security@isc.upenn.edu.
We appreciate good faith reporting of security vulnerabilities and the positive impact on our security posture that these reports can have. However, we do not have a bug bounty program and do not provide compensation or acknowledgment of security vulnerabilities reported. Thank you for your understanding.