Hi, my name is Ed. I am a web designer, developer, security researcher, and have experience triaging for numerous vulnerability disclosure programs. In my spare time I like swimming, playing the guitar, photography, and cinematography. I am the author of security.txt and Bug Bounty Guide.
💻 🏊 🎸 📷 🎥Favourite vulnerability disclosure programs based on the interactions with the teams
I created security.txt
In 2017, I published an Internet draft for a proposed standard which allows websites to define security policies called security.txt.
Learn more →$ cat security.txt
Contact: https://hackerone.com/ed/reports/new
Policy: https://hackerone.com/ed
Encryption: https://edoverflow.com/key.asc
Acknowledgements: https://hackerone.com/ed/thanksI build things 🔨
I work on a wide variety of projects and love contributing to open-source software. My most notable contributions have been to Gratipay, Liberapay, LinkFinder, Crypto101, hacker101.com, and CHVote. You can find my projects on GitHub.
I break things đź’»
In my spare time, I like to do research on various areas of the security industry and find security issues in popular projects that many of us depend on. Most of my reports are public and you can read up about them on HackerOne. I have submitted valid security vulnerabilities to Keybase, GitLab, Swisscom, Razer, and many more.
I write stuff
View my latest write-ups below or see all my write-ups on an RSS feed.
“The math behind bug bounties — A formula to calculate bounty amounts.”
Nov 29, 2017
Read more →I ❤ live-hacking events
You might spot me on some occations at live-hacking events including the H1-202 live-hacking event in Washington where hackers competed to secure Mapbox. (Images courtesy of HackerOne and Douwe de Boer.)
Press appearances
“The Telltale Text File: Security Researcher Proposes Standardization for Reporting Vulnerabilities”
Security Intelligence (IBM)
Read more →“Bug-finders’ scheme: Tick-tock, this tech’s tested by flaws.. but who the heck do you tell?”
The Register
Read more →