Reporting Security Issues
We are committed to the online security of our University community. We will deal with reported security issues as quickly and efficiently as possible.
How to Report Phishing Attacks
If you spot a potentially malicious email or if you are unsure whether an email is legitimate, please forward it to [email protected] so we can review.
If you believe you have been been the victim of a phishing campaign, change your password immediately and contact the Help Desk at 734.487.2120 to report the incident. You may need to change your passwords on other sites too if the information you provided could be used anywhere else.
How to Report Security Issues
If you have discovered a security issue in EMU’s digital infrastructure or website, send your report directly to [email protected] — our is below. Please include as much of the following information as possible:
- Type of issue (e.g. SQL injection, cross-site scripting, command execution)
- Affected component(s) and version(s)
- Proof-of-concept and/or steps to reproduce the issue
- Impact of the issue
- Any additional, pertinent information
How We Respond to Reported Security Issues
- As soon as possible we will acknowledge we received the vulnerability by email.
- We will assess the impact of the reported issue, working with you to be sure we understand it.
- Once we have resolved the issue we will post an update and acknowledge you for submitting the issue.
- We will not publically disclose your report until the issue is resolved and we have agreed with you on the resolution.
For Our Community: Our Response
After we receive a security report, we work swiftly and diligently to determine its scope, impact, and solution. Once we have developed a fix, or have identified a workaround, we will disseminate this information to affected users.
Thank You For Your Help
We appreciate the time and effort that this sort of research takes. We will publicly acknowledge every researcher and company that goes to the trouble to help us find and remediate security flaws.
While we appreciate the insight security researchers provide we do not condone the use of any destructive methodologies in research. The University retains all rights to pursue legal or other actions for any activity that results in system damage, data loss or denial of service.