Educause Security Discussion mailing list archives
Re: Summary Report :: Dorkbot Service [JUN 2021-06]
From: "Lovaas,Steven" <Steven.Lovaas () COLOSTATE EDU>
Date: Tue, 6 Jul 2021 14:00:49 +0000
We certainly find it valuable. Unlike some commercial alert providers, every UT Dorkbot alert points to a verified public-facing vulnerability. The web folks have learned to take these alerts seriously. Thanks for all you do! Steve ================================ Steven Lovaas Chief Information Security Officer Colorado State University - Fort Collins and CSU System steven.lovaas () colostate edu<mailto:steven.lovaas () colostate edu> 970-297-3707 ================================ ________________________________ From: The EDUCAUSE Security Community Group Listserv on behalf of Beasley, Cam Sent: Monday, July 5, 2021 11:50 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Summary Report :: Dorkbot Service [JUN 2021-06] Howdy all — I wanted to share summary stats from the Dorkbot web application security service for Jun-2021. Before I get into the details - can I get some feedback as to whether or not the community is still getting value from this service? It is a bit over 4-years old and I just wanted to ask. ++++++++++++++++++++++ Dorkbot currently serves over 2,350 higher education institutions, state/local government agencies, school districts and other non-profits from across 7 continents (and 205 countries). Those served include 99% of all R1, R2, R3, M1, M2 Carnegie-class campuses and 100% of HBCUs and US Tribal Colleges. [month = JUN-2021] Total entities subscribed = 2,352 —————— Verified XSS vulnerable pages = 3,365 (-6%) Verified SQLi vulnerable pages = 395 (-5%) Verified LFI vulnerable pages = 8 (-33%) —————— 3,768 total verified vulnerable pages (-6%) ++++++++++++++++++++++ Vulnerability breakdown by campus classification ++++++++++++++++++++++ 50% - Universities in Other Countries 16% - D/PU Universities 09% - R2 Universities 08% - R1 Universities 04% - Associates Colleges 03% - Baccalaureate Colleges: Arts & Sciences Focus 03% - M3 Universities 02% - Universities in Canada 02% - M1 Universities 03% - All Other US Entities ++++++++++++++++++++++ Top 5 Served Countries ++++++++++++++++++++++ United States | Thailand | Slovakia | Vietnam | Serbia ++++++++++++++++++++++ Top 5 Served US States ++++++++++++++++++++++ New York | Ohio | Texas | California | Pennsylvania ++++++++++++++++++++++ Signing up for Dorkbot is fast & free. You will receive realtime alerts for any verified vulnerabilities along with a custom monthly report. We can also exclude targets from the service as needed, by: IP address, host name, subdomain or regex string in a URL. Please see the following for more information: https://security.utexas.edu/dorkbot Please help us tell small campuses, school districts or non-profits to subscribe as well! ++++++++++++++++++++++ ++++++++++++++++++++++ Please also remember ISORA Lite (a free service for shared vendor assessments). This leverages EDUCAUSE’s HECVAT standard and there are currently 216 completed vendor assessments launched by EDUs across the country and another 31 underway. Please note that you can also use the vendor reporting to compares vendors in a common vertical. Thus far there have been 660 unique EDU participants from over 314 campuses. You can access ISORA Lite via: https://lite.isora.saltycloud.com thanks, ~cam. -- Cam Beasley (he/him/his) Chief Information Security Officer Information Security Office The University of Texas at Austin security () utexas edu | 512.475.9242 http://security.utexas.edu ======================================= ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Summary Report :: Dorkbot Service [JUN 2021-06] Beasley, Cam (Jul 05)
- Re: Summary Report :: Dorkbot Service [JUN 2021-06] Catherine Ullman (Jul 06)
- Re: Summary Report :: Dorkbot Service [JUN 2021-06] Corley, Robert B (KCTCS) (Jul 06)
- Re: Summary Report :: Dorkbot Service [JUN 2021-06] Ken Connelly (Jul 06)
- Re: Summary Report :: Dorkbot Service [JUN 2021-06] Theresa Semmens (Jul 06)
- Re: [External]:[SECURITY] Summary Report :: Dorkbot Service [JUN 2021-06] Ferland, William (Jul 12)
- <Possible follow-ups>
- Re: Summary Report :: Dorkbot Service [JUN 2021-06] Lovaas,Steven (Jul 06)