UC Santa Barbara is committed to maintaining the security and integrity of its information systems and data. We appreciate the role that vigilant community members play in identifying and reporting potential cybersecurity threats and vulnerabilities.
If you believe you have discovered or suspect a cybersecurity vulnerability on any systems owned or operated by UC Santa Barbara, please report it to us immediately.
Please provide as much information as possible in your report to help us understand and address the issue efficiently.
Provide the following details:
- Your name and contact information: Providing contact information allows for follow-up with questions and status updates
- Affected Systems or Services: Which systems are affected (e.g., IP addresses, hostnames, URLs, application names, etc.)
- Description of the vulnerability: A clear description of the cybersecurity vulnerability
- Steps to Reproduce: Detailed steps to reproduce the issue.
- Date and time of discovery: When the cybersecurity vulnerability was first noticed
- Any other known resources or data that are potentially affected
Do not include sensitive or personal data in your report.
Important Policy Information:
- UC Santa Barbara does not currently offer a formal cybersecurity vulnerability disclosure or bug bounty program
- UC Santa Barbara does not currently offer financial compensation for vulnerability reports
- Unauthorized scanning, probing, or testing of UC Santa Barbara IT systems and infrastructure is not permitted
- Reporting a cybersecurity vulnerability should be based on responsible discovery practices while using UC Santa Barbara systems and services
The Office of Information Security will review all submitted reports. We appreciate your assistance in helping us protect the UC Santa Barbara community and will take appropriate action based on the nature and severity of the issue.