Vulnerability Acknowledgements for Red Hat online services

Updated -

Red Hat would like to thank the following individuals and organisations that have privately reported security issues that affected Red Hat branded websites or online services and agreed to be listed.

To report an issue in any Red Hat branded website or online service please contact site-security@redhat.com. Red Hat Information Security, in its sole discretion, will make the final decision about granting, refusing, and publishing credits, as well as their form and content, and applying the rules listed below. Please allow a reasonable time (1-2 business days) for a response after reporting.

Mail sent to site-security@redhat.com can be encrypted with the PGP key 0x50EB9D550CFE2855:
https://keys.openpgp.org/vks/v1/by-fingerprint/A92DF9F915995C7419045F6C50EB9D550CFE2855

We will refuse credits where researchers breach the rules below or do not otherwise behave responsibly and ethically:

  • Reports we do not class as security issues are not eligible for an acknowledgement on this page; these include but are not limited to:

    • Directory Listings and FTP sites. Our products are based on open source components and we make certain content available using directory listings and via anonymous FTP. Please only report these if you find (what can reasonably be assessed as) non-public content being exposed

    • Version Numbers. We do not hide the version numbers of online service components and you should expect these will not be the latest upstream versions.

    • Secure Certificate Issues (mismatched host names, expired certificates, support for older protocols such as SSLv3)

    • Reports from automated tools or scanners without manual verification and analysis

    • Theoretical attacks without proof of exploitability

    • Brute force attacks (e.g. on passwords or tokens)

    • Attacks involving any user accounts not created by you

    • Attacks involving physical access to a user's device, or involving a device or network that is already compromised

    • Missing security headers that do not lead directly to a vulnerability

    • Clickjacking

    • Cookies missing secure or HttpOnly flags

    • Bugs that rely on an unlikely user interaction

    • Issues that are the result of a user deliberately performing an insecure action (like sharing their password or API tokens publicly)

    • Social engineering of Red Hat staff or users

    • Issues related to password and account recovery processes

  • Some Red Hat branded services are operated by third parties. If you notify us about security issues on such sites we will coordinate fixes with the affected vendors and acknowledgements maybe given by those vendors or under their rules.

  • Some security issues may be due to underlying vulnerabilities in third-party applications that we use. In these cases we will coordinate fixes with the application vendor and acknowledgements maybe given by those vendors or on our CVE dictionary pages.

  • We expect you to make a good faith effort to avoid privacy violations, destruction of data, or degradation to our service during your research. Please avoid using tools that are likely to automatically generate significant volumes of traffic or otherwise cause operational problems for our sites.

2024 Acknowledgements:

  • Allan Swanepoel (https://linkedin.com/in/allanice001)
  • Vaibhav Jain (https://www.linkedin.com/in/vaibhav-jain-aa5680254/)
  • Kauenavarro (https://www.linkedin.com/in/kau%C3%AA-navarro)
  • B.Dhiyaneshwaran (https://www.linkedin.com/in/dhiyaneshwaran-bala/)
  • Hussein Ayoub (https://www.linkedin.com/in/hussein-ayoub-207a49135)
  • Chetanya Sharma (https://www.linkedin.com/in/aggressiveuser)

2023 Acknowledgements:

  • Parag Bagul (https://www.linkedin.com/in/parag-bagul-061440199/)
  • Satyam Singh(0xm3hd)(https://www.linkedin.com/in/satyam-singh-893306221/)
  • Mayur Agnihotri (https://www.linkedin.com/in/mayuragnihotri/ https://twitter.com/I_AM_Mayur0021)
  • Benjamin Strebel (https://www.lennlay.com)
  • Mohammad Hosein Askari (https://www.linkedin.com/in/mohammadhoseinaskari)
  • Kamil Sevi @kamilsevi
  • Yakir Kadkoda (https://www.linkedin.com/in/yakir-kadkoda/) and Assaf Morag (https://www.linkedin.com/in/assaf-morag-812a9432/)
  • Navreet (twitter.com/navreet1425) (https://www.linkedin.com/in/navreet-singh-rnns142500/)
  • Adarsh S. Nair (https://www.linkedin.com/in/adarsh-s-nair-2300b9264/)
  • Adnan Khan (https://www.linkedin.com/in/adnanekhan/)
  • Anmol Kumar (r0gue302) (https://www.linkedin.com/in/anmolkumar3244)
  • Cameron Andrews (https://www.linkedin.com/in/cameronandrews0/) [2 flaws]
  • Codermak (https://twitter.com/arshadkazmi42)
  • Deepak (https://twitter.com/bug_vs_me)
  • Everton Silva (https://www.linkedin.com/in/everton-hydd3n-04784a232)
  • freedfr0md3sire (https://hackerone.com/freedfr0md3sire?type=user)
  • Kirti Sagar Verma (https://www.linkedin.com/in/kirtisagarverma)
  • kukuruza (https://hackerone.com/kukuruza?type=user-)
  • Mikhail Tolkonyuk (https://www.linkedin.com/in/mtolkonyuk/)
  • Muhammad Haris Aftab (https://www.linkedin.com/in/muhammad-haris-aftab-6693201a4) [2 flaws]
  • Rushabh Vyas (https://www.linkedin.com/in/rushabhvyas)
  • Sahil Prasad (JustSahil) (https://www.linkedin.com/in/sahil-prasad/)
  • Shivankar Madaan (https://www.linkedin.com/in/shivankar-madaan-16155a15a/)
  • Shubham Choudhery (https://www.linkedin.com/in/shubham-choudhery/)
  • Sokol Çavdarbasha (https://www.linkedin.com/in/sokol-%C3%A7avdarbasha-845426232)
  • Vikas Singh (https://www.linkedin.com/in/vikas-singh-295333159)
  • Vinit Lakra (https://www.linkedin.com/in/vinithacker)
  • RyotaK (https://ryotak.net)
  • Ashik Kunjumon (https://www.linkedin.com/in/ashikkunjumon)
  • Gabriel Tarsia (https://www.linkedin.com/in/-45a9b925/)
  • 4bug of ChaMd5 Security Team H1 Group (https://www.fobug.com/)
  • Milan katwal (linkedin.com/in/milankatwal99)
  • Domain Chaser (https://hackerone.com/domainchaser?type=user)
  • Limon (https://hackerone.com/limon_70?type=user)
  • Naor Yaacov (https://www.linkedin.com/in/naor-yaacov)
  • Abison Binoy (https://www.linkedin.com/in/abison-binoy/ https://twitter.com/abison_binoy)

2022 Acknowledgements:

  • Aman Mahendra (https://twitter.com/amanmahendra_)
  • Cuong Van Bui (https://nsbvc.blogspot.com/) - VNCERT/CC
  • Dinesh Kumar (dhina016)
  • Dzmitry Smaliak (@haxxm0nkey)
  • Eslam Akl (https://www.linkedin.com/in/eslam3kl)
  • Gaurav Kumar (https://twitter.com/gdattacker) (https://www.facebook.com/drago4344)
  • Hemant kashyap (cyber__hawk) (https://www.linkedin.com/in/hemant-kashyap-714564199)
  • Johan Carlsson (@joaxcar)
  • Keshav Patidar (@ke5h4v) (https://www.linkedin.com/in/keshav-patidar)
  • Krishna Agarwal (@Kr1shna4garwal) https://www.linkedin.com/in/kr1shna4garwal
  • Lakshaya Bawa (https://www.linkedin.com/in/lakshayabawa)
  • Malvik Chauhan (@ChauhanMalvik) (https://www.linkedin.com/in/malvikchauhan) [2 flaws]
  • Mohammad Hosein Askari (https://www.linkedin.com/in/mohammadhoseinaskari)
  • Momen Eldawakhly (Cypro AB), (https://www.linkedin.com/in/momen-eldawakhly-3b6250204)
  • Muhammad Khizer Javed (https://www.linkedin.com/in/muhammad-khizer-javed/)
  • Mukesh Kumar (@wireghost) (https://www.linkedin.com/in/mukesh-kumar-1306s2707)
  • Ozan Olali – IBM Security
  • Pankaj Kumar Thakur (https://www.linkedin.com/in/pankaj1261) [2 flaws]
  • Pooja Rani (https://www.linkedin.com/in/pooja-rani-8048822b/) (https://www.facebook.com/poojawww/)
  • Ramansh Sharma (https://www.linkedin.com/in/ramansh-sharma/) [2 flaws]
  • Ritik Jangra (https://www.linkedin.com/in/ritik-jangra-03b80a21b)
  • Rohit Sharma (https://www.linkedin.com/in/r0x5r/)
  • Saransh Saraf (MR23R0) (https://www.linkedin.com/in/saransh-saraf-2b514b20b)
  • Severus of VietSunshine Security Engineering Team (www.vietsunshine.com.vn)
  • Sokol Cavdarbasha (@sokolicav)
  • Tuan Nguyen (@nhiephon) (https://twitter.com/_nhiephon)
  • Yash Devkate (https://in.linkedin.com/in/yash-devkate-644aa120a) (https://twitter.com/rootxyash)
  • Yash kushwah (@cyberyash951) (https://www.linkedin.com/mwlite/in/yash-kushwah-a80449229)

2021 Acknowledgements:

  • Akash Rajendra Patil (https://www.linkedin.com/in/akashpatil98/)
  • Alan Abhilash (https://twitter.com/alan_abhilash)
  • Anthony Sottile (twitter.com/codewithanthony)
  • Chen Cohen (https://www.linkedin.com/in/chen-cohen/ @eBay ) [2 flaws]
  • Christian Schlüter (VIADA)
  • David Guimarães (@skysbsb) (https://www.linkedin.com/in/guimabsb)
  • Emad Shawky Muhammed (www.linkedin.com/in/emad-shawky-244408152)
  • Gourab Sadhukhan (https://www.linkedin.com/in/gourab-sadhukhan-71158216a)
  • Gustavo Santos (https://www.linkedin.com/in/gustavoosantoos/)
  • Harinder Singh (S1N6H | https://www.linkedin.com/in/lambardar/)
  • Jasmin Shaikh (@jasmin_jazz16) (https://www.linkedin.com/in/jasmin-shaikh-082a3a11a/)
  • Kohei Morita (https://twitter.com/mrtc0)
  • Mikhail Tolkonyuk (https://www.linkedin.com/in/mtolkonyuk/)
  • Mohammad Hosein Askari (https://www.linkedin.com/in/mohammadhoseinaskari) [2 flaws]
  • Mohammed Amer Saadoon (0nlymohammed | https://twitter.com/0nlymohammed)
  • Muhammed Mustafa Korany (https://twitter.com/MuhammedKoraany)
  • Naman Shah (www.twitter.com/naman_1910)
  • Niraj Kharel @ Cryptogen Nepal (https://www.linkedin.com/in/nirajkharel)
  • Omar Amin (Secare.io Research Team | https://twitter.com/oomniipotentt)
  • Omar Bheda (https://linkedin.com/in/omarbheda)
  • Oumeir Saifedeen (o.s.bughunter (at) gmail.com | xjohncode (at) gmail.com)
  • posix (https://twitter.com/po6ix)
  • Pradip Bhattarai (https://www.linkedin.com/in/prdp | https://www.pradeepbhattarai.me/) [2 flaws]
  • S Rahul (7srambo) (https://www.linkedin.com/in/7srambo/)
  • Samprit Das (sampritdas8 | https://www.linkedin.com/in/samprit-das-9805831a2/) [2 flaws]
  • Shaikh Yaser
  • Sheikh Rishad (https://twitter.com/sheikhrishad0)
  • Shripad Rachha (@protector_5512) (https://www.linkedin.com/m/in/shripad-rachha-0782441ab)

2020 Acknowledgements:

  • @hexdefined
  • Abhijeet Jain (https://twitter.com/seecure963)
  • Ahmad A Abdulla (https://www.facebook.com/cybershield.team/)
  • Ai Ho (https://twitter.com/j3ssiejjj)
  • Apoorva Jois (https://www.linkedin.com/in/apoorva-jois-7ab0b0165)
  • Artem Zinenko (@ar7z1)
  • Billy Sheppard (https://twitter.com/GoatSniff)
  • Carl Henrik Lunde (@chlunde)
  • Codermak (https://twitter.com/arshadkazmi42)
  • Flaviu Popescu - (https://flaviu.io) - [2 flaws]
  • Himanshu Joshi (https://www.linkedin.com/in/jhimansh/)
  • Imran Shaikh
  • Lex Vorona (voronaam)
  • Marcell Csiszar (https://csiszarmarcell.hu) (https://hu.linkedin.com/in/marcellcsiszar)
  • Max Goldfarb (https://linkedin.com/in/mhgoldfarb)
  • Mohamed Abdellatif Jaber (https://www.facebook.com/Mrm0hm3d)
  • Mohammad Hosein Askari (https://www.linkedin.com/in/mohammadhoseinaskari) [2 flaws]
  • Naveen Kumawat (twitter.com/nvk0x)
  • Pankaj Kumar Thakur (@Nep_1337_1998) and Muskan Upadhaya(www.facebook.com/muskan.upadhaya.90) from Nepal
  • Pardon Mukoyi (@bugspiderlee - https://www.linkedin.com/in/pardon-mukoyi-2964aa187 )
  • Pascal Zenker (@parzel2) (https://www.linkedin.com/in/pascal-zenker-608620146/)
  • Pramod Sargar (https://twitter.com/impramodsargar https://www.linkedin.com/in/impramodsargar/ )
  • Pratik Dabhi (https://www.linkedin.com/in/pratikmdabhi/)
  • Pulkit Pandey (@pulkitpandey92)
  • Sattar Jabbar (Facebook.com/vipexploiter)
  • Sherwyn Moodley (@forshish)
  • Shivang Trivedi (https://www.linkedin.com/in/shivang-trivedi-a149b2190)
  • Sourav Sahana (https://linkedin.com/in/iamsahana)
  • Tarek Bouali (@iambouali)
  • Tinu Tomy (tinurock007)
  • Wh4t4s3c

2019 Acknowledgements:

  • Abdullah Fares Muhanna (https://www.facebook.com/AbedullahFares)
  • Anil Tom (Mr.4NK) (https://facebook.com/aniltom.ank)
  • Arrch (https://twitter.com/AriefRachmanRh)
  • Arsenii Kostromin (0x3c3e)(https://twitter.com/0x3C3E)
  • csanuragjain (https://twitter.com/csanuragjain)
  • Daniel Kalinowski(ISEC.pl Research Team)(https://twitter.com/llamaonsecurity)
  • Deba Akrem Fares ( i love you mom ) (www.facebook.com/hungrybits )
  • Eng. Mohammed Fayadh (https://www.linkedin.com/in/eng-mohammed-alanazi-69593050)
  • Gareth Heyes (PortSwigger) (https://twitter.com/garethheyes)
  • Gröstl Sec
  • Hamza Errachdi (@hecvs17)
  • Hoang Quoc Thinh (@g4mm4 of CyberJutsu.IO)
  • Ipsita Subhadarshan Sahoo
  • James Kettle (PortSwigger Web Security)
  • Kamal Elsayed Hussein (https://www.linkedin.com/in/kamalinux)
  • Mahmoud Osama Ahmed (Twitter: @Mahmoud0x00)
  • Mehrdad Nassiri (https://www.linkedin.com/in/mehrdd) (https://vandaw.com)
  • Michael Oliver (https://www.linkedin.com/in/thecodeboss/)
  • Mustafa Diaa - ( @c0braBaghdad1 )
  • Nikhil Sahoo
  • Nikola Kojic (https://ras-it.rs) [2 flaws]
  • Ninad Mishra (https://in.linkedin.com/in/ninad-mishra-73b279157)(securityidiot.com)
  • Pankaj Kumar Thakur (Nepal)(https://www.linkedin.com/in/pankaj1261)(twitter: @Nep_1337_1998)
  • Rajib Acharyya (https://www.facebook.com/rajibacharyya64)
  • Ronak Nahar (https://www.linkedin.com/in/naharronak/)
  • Saad Zitouni https://www.linkedin.com/in/saad-zitouni/
  • Shivam Pandya (shivampandya.com)
  • Tijo Davis (https://www.linkedin.com/in/tijo-davis-a906a7141 )
  • Tirtha Mandal (https://www.linkedin.com/in/tirtha-mandal-794989b7)
  • Tyler Hawkins (https://www.linkedin.com/in/tyler-hawkins-149ba2b2/) (https://hawkinsecurity.com/)

2018 Acknowledgements:

  • Abhishek Sidharth (https://www.facebook.com/ab2op4u)
  • Andreas Johnsen Skoglund (anderen2) (https://www.linkedin.com/in/andreas-skoglund)
  • Bill Ben Haim (https://www.linkedin.com/in/bill-ben-haim-b6775a48/)
  • Claudio Moretti
  • Deepanshu kapoor (https://deepanshukapoor.blogspot.com)
  • Faizan Ahmed (https://www.facebook.com/fizan.ahmed.3998 )
  • Faruk Kadir (https://www.linkedin.com/in/farukkadir)
  • Gröstl Sec
  • Hamza Errachdi (@hecvs17)
  • James Kettle (PortSwigger Web Security)
  • Jesse Kinser (@securitybites, http://linkedin.com/in/jesse-kinser-71a56110)
  • Kaustubh Padwad (https://twitter.com/s3curityb3ast)
  • Mohamed Saker (fb.com/X3rrOR)
  • Mohamed Sakr (fb.com/mohamed.saker84)
  • Partha Bishwas (https://www.facebook.com/partha.bishwas)
  • Pravas Ranjan Kanungo (https://www.linkedin.com/in/prkanungo)
  • Sumit Sahoo (https://www.sumitsahoo.com/)
  • vyshnav nk (https://www.linkedin.com/in/vyshnav-vizz-856038119/)
  • Wen Bin KONG (@kongwenbin, https://linkedin.com/in/kongwenbin)
  • Youssef A. Mohamed (https://GeneralEG.github.io)

2017 Acknowledgements:

  • Anand Bhat (@_anandbhat)
  • Andreas Johnsen Skoglund (https://www.linkedin.com/in/andreas-skoglund-192992106)
  • Anirban Singha (https://www.facebook.com/anirban.dark)
  • Anton Mihaita Adrian (@adicode32)
  • Cody Zacharias (@now)
  • Georgie Yoxall (https://yoxall.me.uk)
  • Gröstl Sec
  • Konduru Jashwanth (https://in.linkedin.com/in/kondurujashwanth)
  • Li Chaohan Bon (https://www.linkedin.com/in/lichaohan-bon/)
  • Modesto Rodríguez (www.linkedin.com/in/mode-rodriguezb)
  • Ong Jin Kun (https://scriptkidd1e.wordpress.com)
  • Oussama Zgheb (zgheb.com)
  • Raad Firas Haddad (@raadfhaddad)
  • Ron Masas (ronmasas.com)
  • Sergius Low Jun Kai (https://www.linkedin.com/in/low-jun-kai-sergius/)
  • Suleman Malik (@sulemanmalik_3)
  • Sumantro Mukherjee (https://www.facebook.com/sumantro.rijndael)
  • Suyog Palav (https://www.linkedin.com/in/suyog-palav & https://www.facebook.com/suyog.palav)
  • Takashi Suzuki (kamikaze.takashi111 [at] gmail.com)
  • Vineet Kumar (https://bughunter.withgoogle.com/profile/80ae25f5-877d-4402-94e8-7902cacdb4b9)

2016 Acknowledgements:

  • Adrian-Daniel Bacanu (Zatarra) (rstforums.com)
  • Ameer M. Assadi ( @AmeerAssadi, AmeerAssadi.com, fb.com/Amirh4ck )
  • Amine Hm (https://www.facebook.com/AMiN3.HM) [3 flaws]
  • Anas Roubi
  • Cameron Dawe (Spam404, https://twitter.com/spam404online) [2 flaws]
  • Dhiraj Mishra (@mishradhiraj_)
  • Fernando Muñoz
  • Gerardo Venegas(@v0raz)
  • Hamza Bachikh (alhamdulillah) (@miZo_Rayk)
  • José Carlos Expósito Bueno (@0xlabs)
  • Kacper Szurek - http://security.szurek.pl/
  • Kenan GÜMÜŞ
  • Latish Danawale (Facebook.com/latish.danawale.14)
  • Lawrence Amer
  • Mahmoud El Manzalawy (https://twitter.com/is4curity)
  • Michael Gottburg
  • Mustafa Hasan (@strukt93)
  • Nilesh Sapariya (https://www.twitter.com/nilesh_loganx) [2 flaws]
  • Raed Moussaoui (https://www.linkedin.com/in/raed-moussaoui)
  • Sumit Sahoo - https://www.sumitsahoo.com/
  • Teemu Kääriäinen
  • Tushar Parab (BaPpA m0rYa)
  • Yann CAM @ASafety (www.asafety.fr / www.synetis.com)

2015 Acknowledgements:

  • Abd El Rahman Ezzat Mohamed (Facebook.com/hackingdragon121)
  • Adrian-Daniel Bacanu (Zatarra) (rstforums.com)
  • Ahmed Abdalla Fathi (https://www.facebook.com/mr.alexseve)
  • Ahmed Adel Abdelfattah (https://www.facebook.com/00SystemError00)
  • Ahmed Y. Elmogy (@mogyhacker)
  • Ala Arfaoui (https://www.facebook.com/alaa.arfaoui)
  • Ayoub Ait Elmokhtar - https://www.facebook.com/abessadek
  • Babar Khan Akhunzada (Security Wall) (www.babarakhunzada.com)
  • Deepali Sarjerao Malekar (https://in.linkedin.com/pub/deepali-malekar/80/361/427)
  • Diaa Diab (@dia2diab) [3 flaws]
  • Fady S. Ghatas ( TiTrias.com )
  • Jose Carlos Exposito Bueno (https://www.0xlabs.com/)
  • Kai Fabian (http://kaifabian.de/)
  • Mahender Singh (https://twitter.com/neohacker1337)
  • Mahmoud El Manzalawy (https://twitter.com/is4curity)
  • Michał Lubicz-Sienicki (@mlubicz) - https://lubi.cz [4 flaws]
  • Mohamed Abdelbasset Elnouby - Senior Security Analyst at Seekurity
  • Mohamed Khaled (https://twitter.com/Sirmatrixpage)
  • Mohamed Khaled Fathy Link (https://www.facebook.com/Sir.MaTrix) [3 flaws]
  • Mohamed Khaled Fathy Mohamed (Facebook.com/Squnity)
  • Mohit Shukla - @theserverguy (MantraGrid.com)
  • Muhammed Gamal Fahmy (facebook.com/profile.php?id=646694111)
  • Noah Wilcox - (Crater Designs) http://craterdesigns.com
  • Prince Rawat - https://twitter.com/_princerawat
  • Sachin Wagh (https://in.linkedin.com/pub/sachin-wagh/5/175/95b)
  • SaifAllah benMassaoud (https://www.facebook.com/WhiteHatSecuri)
  • Sumit Sahoo (54H00) - http://www.facebook.com/54H00 [2 flaws]

2014 Acknowledgements:

  • Adrian-Daniel Bacanu (Zatarra) (rstforums.com)
  • Adrian-Daniel Bacanu (Zatarra) (rstforums.com)
  • Ajay Singh Negi (@AjaySinghNegi) (computersecuritywithethicalhacking.blogspot.in)
  • Ali Hasan Ghauri (@alihasanghauri) (AHPT)
  • Babar Khan Akhunzada (Security Wall) (www.babarakhunzada.com)
  • Behroz Nathwani
  • Caesar Manigault (www.keyicam.com)
  • David Hoyt
  • Deepanker Chawla (@deepankerchawla) (www.deepanker.in)
  • Hamid Ashraf (www.fb.com/hami.hax528)
  • Ibrahim Raafat (@RaafatSEC) (Q-CERT)
  • Ignacio Garrido (www.coresecurity.com) [2 flaws]
  • Ilca Lucian [Pwnthecode]
  • Jasminder Pal Singh [Zero-Guy]
  • Koutrouss Naddara [@KoutroussNaddar]
  • Măgheruşan Ovidiu (@RSTforums.com)
  • Mazen Gamal Mesbah (@MazenGamal) [3 flaws]
  • Milad Bahari Rad (@milad_bahari)
  • Osanda Malith Jayathissa (@OsandaMalith)
  • Prayas Kulshrestha (@prayas_prayas)
  • Sangeetha Rajesh S (in.linkedin.com/in/sangeetharajesh)
  • Shahee Mirza (@shaheemirza)
  • Simone Memoli (@Simon90_Italy)

2013 Acknowledgements:

  • 6Scan (6scan.com)
  • Abhinav Karnawat (\/ w4rri0r \/) (www.w4rri0r.com)
  • Adrian-Daniel Bacanu (Zatarra) (rstforums.com) [2 flaws]
  • Ahmed Mohamed Hassan Aboul-Ela (Starware) [3 flaws]
  • Ajay Singh Negi (@AjaySinghNegi) (computersecuritywithethicalhacking.blogspot.in) [2 flaws]
  • Ali Hasan Ghauri (@alihasanghauri) (AHPT)
  • Anand Meyyappan (@anandm47)
  • Anand Prakash (@sehacure) (VIT University, India)
  • Andrey Medov (ptsecurity.com) [5 flaws]
  • Ankit Bharathan (lon3ly_hacker)
  • Atulkumar Hariba Shedage (@atul_shedage) and Ritesh Arunkumar Sarvaiya (@RiteshSarvaiya), (defencely.com)
  • Bharadwaj Machiraju (blog.tunnelshade.in)
  • Christian Lopez Martin (@phr0nak)
  • Daniel-Valentin Tomescu (TheTime) (rstforums.com)
  • David Hoyt
  • Deepankar Arora (@sec403) and Nipun Jaswal (@nipunjaswal) [2 flaws]
  • Dmitriy Serebryannikov (@dsrbr) (ptsecurity.com)
  • Elvin Gentiles (elvinguitar)
  • Emanuel Bronshtein (@e3amn2l)
  • Guifré Ruiz Utgés (@GuifreRuiz)
  • Gurjant Singh (@GurjantSadhra) and Mayank Kapoor (hackerdesk.com)
  • Himanshu Kumar Das (@mehimansu)
  • Issam Rabhi (sites.google.com/site/issrabhi) [2 flaws]
  • Johnathan S. Simon (johnathansimon.com) [2 flaws]
  • Kamil Sevi (@kamilsevi) [4 flaws]
  • Koutrouss Naddara
  • Laith AL-Satari (@laith_satari)
  • M.R.Vignesh Kumar (@vigneshkumarmr)
  • Mahmoud El-Said El-Naggar (Starware)
  • Malte Batram (@_batram) (batr.am) [2 flaws]
  • Maxim Rupp
  • Mohab Ali (@0xAli) (synapse-labs.com)
  • Mohamed Ramadan (Attack-Secure.com)
  • Muhammad Ahmed Siddiqui (Nybble Tech) (nybbletech.com)
  • Muhammad Talha Khan (fb.com/MTK911)
  • Narendra Bhati (@NarendraBhatiB) (R00t Sh3ll)
  • Osanda Malith Jayathissa (@OsandaMalith)
  • Peter Jaric (@peterjaric) (javahacker.com)
  • Prajal Kulkarni (www.prajalkulkarni.com)
  • Rafael Pablos (silverneox.blogspot.com)
  • Raj Sukali (fb.com/nottyraj) [2 flaws]
  • Rajatkumar Karmarkar
  • Rakan Alotaibi (@hxteam) [2 flaws]
  • Riaz Ebrahim (www.linkedin.com/pub/riaz-ebrahim-cissp-ceh/3b/347/383)
  • Rishal Dwivedi (@rishaldwivedi) (Bhavan's Vivekananda College) and Manjot Singh (@Manjotsinghg8) (Rimt College Mandi Gobindgarh)
  • Roy Castillo (@official_roy) (www.roy-castillo.com) [4 flaws]
  • Sabari Selvan (www.EHackingNews.com)
  • sahildhar (fb.com/dhar66)
  • Saurabh Chandrakant Nemade (@SaurabhNemade) (fb.com/saurabh.nemade)
  • Shahee Mirza (@shaheemirza)
  • SimranJeet Singh (@TurbanatorSJS)
  • Swair Mehta (swairmehta@gmail.com)
  • Teguh P. Alko [2 flaws]
  • Tejash Patel (@tejash1991)
  • Tushar Rajhans Kumbhare (defencely.com)
  • Vikas Chopalli and Naresh Chattala (gitamite.com)
  • Wong Chieh Yie (@wcypierrenet)
  • Yuji Kosuga

2012 Acknowledgements:

  • Ahmad Ashraff (@yappare)
  • Atulkumar Hariba Shedage (@atul_shedage) (defencely.com)
  • Carlo Soliveres Benedicto (FierceX) (Catanduanes State University)
  • David Hoyt [3 flaws]
  • David Vieira-Kurz (MajorSecurity) [2 flaws]
  • Dylan S. Hailey (@TibitXimer)
  • Emanuel Bronshtein (@e3amn2l) [2 flaws]
  • Guifré Ruiz Utgés (@GuifreRuiz)
  • Harsha Vardhan Boppana (Login Security Solutions(P) Limited) and Krutarth Shukla (@krutarthshukla)
  • João Lucas Melo Brasio (White Hat Hackers & DotFive Labs & PUC-Campinas)
  • Johnathan S. Simon (johnathansimon.com)
  • Kamil Sevi (@kamilsevi) [2 flaws]
  • Keita Haga [4 flaws]
  • Mario Gomes (@NetFuzzer)
  • Masato Kinugawa
  • Mateusz Goik
  • Maxim Rupp [5 flaws]
  • Michael Blake
  • Mohamed Ramadan (Attack-Secure.com) [3 flaws]
  • Nils Jünemann [5 flaws]
  • Rafay Baloch (RHA)
  • Siddhesh Gawde (St. Francis Institute of Technology (SFIT))
  • Thamatam Deepak (@Mr.47™)
  • Ucha Gobejishvili (საქართველო) [6 flaws]

2011 Acknowledgements:

  • Brendan Coles
  • David Guimaraes
  • David Hoyt [3 flaws]
  • Keita Haga
  • Maxim Rupp [2 flaws]
  • Nils Jünemann [2 flaws]
  • Szymon Gruszecki

Pre-2011 Acknowledgements:

  • Johannes@springenwerk.com

This page lists all acknowledgements since January 1st 2011. Please contact site-security@redhat.com if you reported an issue to us prior to 2011 and would like a public acknowledgement.

Comments