Favourite vulnerability disclosure programs based on the interactions with the teams
In 2017, I published an Internet draft for a proposed standard called security.txt, which allows websites to define security policies.
$ cat security.txt
Contact: https://hackerone.com/ed/reports/new
Policy: https://hackerone.com/ed
Encryption: https://edoverflow.com/key.asc
Acknowledgements: https://hackerone.com/ed/thanks
I work on a wide variety of projects and love contributing to open-source software. My most notable contributions have been to Gratipay, Liberapay, LinkFinder, Crypto101, hacker101.com, and CHVote. You can find my projects on GitHub.
In my spare time, I like to do research on various areas of the security industry and find security issues in popular projects that many of us depend on. Most of my reports are public and you can read up about them on HackerOne. I have submitted valid security vulnerabilities to Keybase, GitLab, Swisscom, Razer, and many more.
View my latest write-ups below or see all my write-ups on an RSS feed.
“The math behind bug bounties — A formula to calculate bounty amounts.”
Nov 29, 2017
You might spot me on some occasions at live-hacking events including the H1-202 live-hacking event in Washington where hackers competed to secure Mapbox. (Images courtesy of HackerOne and Douwe de Boer.)
“The Telltale Text File: Security Researcher Proposes Standardization for Reporting Vulnerabilities”
Security Intelligence (IBM)
“Bug-finders’ scheme: Tick-tock, this tech’s tested by flaws.. but who the heck do you tell?”
The Register