Educause Security Discussion mailing list archives

Re: Summary Report :: Dorkbot Service [JUN 2021-06]


From: "Lovaas,Steven" <Steven.Lovaas () COLOSTATE EDU>
Date: Tue, 6 Jul 2021 14:00:49 +0000

We certainly find it valuable. Unlike some commercial alert providers, every UT Dorkbot alert points to a verified 
public-facing vulnerability. The web folks have learned to take these alerts seriously.

Thanks for all you do!
Steve

================================
Steven Lovaas
Chief Information Security Officer
Colorado State University - Fort Collins and CSU System
steven.lovaas () colostate edu
970-297-3707
================================

________________________________
From: The EDUCAUSE Security Community Group Listserv on behalf of Beasley, Cam
Sent: Monday, July 5, 2021 11:50 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Summary Report :: Dorkbot Service [JUN 2021-06]

Howdy all —

I wanted to share summary stats from the Dorkbot web application security service for Jun-2021.
Before I get into the details - can I get some feedback as to whether or not the community is still getting value from 
this service?
It is a bit over 4 years old and I just wanted to ask.


++++++++++++++++++++++

Dorkbot currently serves over 2,350 higher education institutions, state/local government agencies, school districts 
and other non-profits from across 7 continents (and 205 countries).

Those served include 99% of all R1, R2, R3, M1, M2 Carnegie-class campuses and 100% of HBCUs and US Tribal Colleges.

[month = JUN-2021]

Total entities subscribed = 2,352

——————
Verified XSS vulnerable pages = 3,365 (-6%)
Verified SQLi vulnerable pages = 395 (-5%)
Verified LFI vulnerable pages = 8 (-33%)
——————
3,768 total verified vulnerable pages (-6%)


++++++++++++++++++++++
Vulnerability breakdown by campus classification
++++++++++++++++++++++

50% - Universities in Other Countries
16% - D/PU Universities
09% - R2 Universities
08% - R1 Universities
04% - Associates Colleges
03% - Baccalaureate Colleges: Arts & Sciences Focus
03% - M3 Universities
02% - Universities in Canada
02% - M1 Universities
03% - All Other US Entities

++++++++++++++++++++++
Top 5 Served Countries
++++++++++++++++++++++

United States | Thailand | Slovakia | Vietnam | Serbia

++++++++++++++++++++++
Top 5 Served US States
++++++++++++++++++++++

New York | Ohio | Texas | California | Pennsylvania

++++++++++++++++++++++

Signing up for Dorkbot is fast & free.
You will receive realtime alerts for any verified vulnerabilities along with a custom monthly report.
We can also exclude targets from the service as needed, by: IP address, host name, subdomain or regex string in a URL.

Please see the following for more information:

https://security.utexas.edu/dorkbot

Please help us tell small campuses, school districts or non-profits to subscribe as well!

++++++++++++++++++++++
++++++++++++++++++++++

Please also remember ISORA Lite (a free service for shared vendor assessments).
This leverages EDUCAUSE’s HECVAT standard and there are currently 216 completed vendor assessments launched by EDUs 
across the country and another 31 underway.

Please note that you can also use the vendor reporting to compare vendors in a common vertical.

Thus far there have been 660 unique EDU participants from over 314 campuses.  You can access ISORA Lite via:

https://lite.isora.saltycloud.com

thanks,

~cam.



--
Cam Beasley (he/him/his)
Chief Information Security Officer
Information Security Office
The University of Texas at Austin
security () utexas edu | 512.475.9242
http://security.utexas.edu
=======================================
**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community
