Hi, my name is Ed. I am a web designer, developer, security researcher, and have experience triaging for numerous vulnerability disclosure programs. In my spare time I like swimming, playing the guitar, photography, and cinematography. I am the author of security.txt and Bug Bounty Guide.

💻 🏊 🎸 📷 🎥

Favourite vulnerability disclosure programs based on the interactions with the teams

I created security.txt

In 2017, I published an Internet draft for a proposed standard which allows websites to define security policies called security.txt.

Learn more →
$ cat security.txt
Contact: https://hackerone.com/ed/reports/new
Policy: https://hackerone.com/ed
Encryption: https://edoverflow.com/key.asc
Acknowledgements: https://hackerone.com/ed/thanks

I build things 🔨

I work on a wide variety of projects and love contributing to open-source software. My most notable contributions have been to Gratipay, Liberapay, LinkFinder, Crypto101, hacker101.com, and CHVote. You can find my projects on GitHub.

I break things 💻

In my spare time, I like to do research on various areas of the security industry and find security issues in popular projects that many of us depend on. Most of my reports are public and you can read up about them on HackerOne. I have submitted valid security vulnerabilities to Keybase, GitLab, Swisscom, Razer, and many more.

I give talks

In 2018, I started giving talks and presented at Disobey in Finland and IETF 101 in the UK. All of my talks so far have been security-related, but I hope to start covering topics from my other areas of interest very soon.

I write stuff

View my latest write-ups below or see all my write-ups on an RSS feed.

“The poor man's bug bounty monitoring setup”

Jul 15, 2018

Read more →

“Automating your reconnaissance workflow with 'meg'”

Apr 13, 2018

Read more →

“An analysis of logic flaws in web-of-trust services.”

Feb 13, 2018

Read more →

I ❤ live-hacking events

You might spot me on some occations at live-hacking events including the H1-202 live-hacking event in Washington where hackers competed to secure Mapbox. (Images courtesy of HackerOne and Douwe de Boer.)

Press appearances

“Uber Hack Shows Vulnerability of Software Code-Sharing Services”


Read more →

“The Telltale Text File: Security Researcher Proposes Standardization for Reporting Vulnerabilities”

Security Intelligence (IBM)

Read more →

“Bug-finders’ scheme: Tick-tock, this tech’s tested by flaws.. but who the heck do you tell?”

The Register

Read more →

Get in touch

[email protected]