Topics Map > Safety and Security
Cybersecurity, Vulnerability Disclosure
University of Illinois IT Professionals have a responsibility to provide guidance on how to responsibly disclose Cybersecurity Vulnerabilities.
The typical approach is serving
/.well-known/security.txt on web servers and adding
SECURITY.md to public code repositories. See below for details.
When a user responsibly discloses a vulnerability through this process, the University Cybersecurity team will work with your team and the responsible disclosers toward a solution.
For Web Servers
All University of Illinois web servers should serve a file named
/.well-known/security.txt that describes how to responsibly disclose security vulnerabilities.
See security.txt - a proposed standard for defining security policies for details.
Contact: mailto:email@example.com Policy: https://go.illinois.edu/vulnerability
For Public Code Repositories
All public University of Illinois code repositories should include a file named
SECURITY.md in the project root on the main branch that describes how to responsibly disclose security vulnerabilities.
# Security Policy
## Supported Versions
Patches for [ **PROJECT NAME** ] will only be applied to the latest version.
## Reporting a Bug or Vulnerability
Vulnerabilities can be responsibly disclosed through the process
documented at https://go.illinois.edu/vulnerability
Bugs can be reported via repository issues.