--- layout: markdown_page title: Security Researcher Acknowledgments --- To report an issue please read our [responsible disclosure policy](/security/disclosure/). GitLab would like to thank the following individuals and organizations who have made GitLab safer by responsibly disclosing security issues. ## 2018 and later Please see our [HackerOne program](https://hackerone.com/gitlab) and the [Hacktivity of that program](https://hackerone.com/gitlab/hacktivity) ## 2017 - [Jason Ritzke](https://twitter.com/rtzq0) - [#26411](https://gitlab.com/gitlab-org/gitlab-ce/issues/26411) - [Jobert Abma](https://twitter.com/jobertabma) - [HackerOne](https://hackerone.com/jobert) - [#26242](https://gitlab.com/gitlab-org/gitlab-ce/issues/26242) - [#26243](https://gitlab.com/gitlab-org/gitlab-ce/issues/26243) - [#26249](https://gitlab.com/gitlab-org/gitlab-ce/issues/26249) - [#26250](https://gitlab.com/gitlab-org/gitlab-ce/issues/26250) - [#30527](https://gitlab.com/gitlab-org/gitlab-ce/issues/30527) - [#29652](https://gitlab.com/gitlab-org/gitlab-ce/issues/29652) - [Yasin Soliman](https://twitter.com/SecurityYasin) - [#27153](https://gitlab.com/gitlab-org/gitlab-ce/issues/27153) - [#29875](https://gitlab.com/gitlab-org/gitlab-ce/issues/29875) - [#29651](https://gitlab.com/gitlab-org/gitlab-ce/issues/29651) - [#38272](https://gitlab.com/gitlab-org/gitlab-ce/issues/38272) - [NETTAR Adel](https://hackerone.com/nettar) - [#27471](https://gitlab.com/gitlab-org/gitlab-ce/issues/27471) - [Strukt](https://hackerone.com/strukt) - [#17286](https://gitlab.com/gitlab-org/gitlab-ce/issues/17286) - [edio](https://twitter.com/EdOverflow) - [#29081](https://gitlab.com/gitlab-org/gitlab-ce/issues/29081) - [#29374](https://gitlab.com/gitlab-org/gitlab-ce/issues/29374) - [#29413](https://gitlab.com/gitlab-org/gitlab-ce/issues/29413) - [#30250](https://gitlab.com/gitlab-org/gitlab-ce/issues/30250) - [#33310](https://gitlab.com/gitlab-org/gitlab-ce/issues/33310) - [Chalker](https://github.com/ChALkeR/) - [#30125](https://gitlab.com/gitlab-org/gitlab-ce/issues/30125) - [Timo Schmid](https://www.ernw.de/) - [#29363](https://gitlab.com/gitlab-org/gitlab-ce/issues/29363) - [#29364](https://gitlab.com/gitlab-org/gitlab-ce/issues/29364) - [#28325](https://gitlab.com/gitlab-org/gitlab-ce/issues/28325) - [Eaden McKee](https://twitter.com/eadz) - [#29651](https://gitlab.com/gitlab-org/gitlab-ce/issues/29651) - [Evelyn Lee](https://hackerone.com/evelynleems) - [#31842](https://gitlab.com/gitlab-org/gitlab-ce/issues/31842) - [Peter Lloyd](http://www.cambridgeconsultants.com/) - [#2905](https://gitlab.com/gitlab-org/gitlab-ee/issues/2905) - [Lukas Svoboda](https://github.com/lksv) - [#24570](https://gitlab.com/gitlab-org/gitlab-ce/issues/24570) - [Joern Schneeweisz](http://twitter.com/joernchen) of [Recurity-Labs](http://www.recurity-labs.com/) - [#35212](https://gitlab.com/gitlab-org/gitlab-ce/issues/35212) - [#36091](https://gitlab.com/gitlab-org/gitlab-ce/issues/36091) - [Tim Goddard](https://www.insomniasec.com/) - [#31508](https://gitlab.com/gitlab-org/gitlab-ce/issues/31508) - [Naure](https://twitter.com/aurelcode) - [#31045](https://gitlab.com/gitlab-org/gitlab-ce/issues/31045) - [Ryan Pearl](https://hackerone.com/rpearl) of [KarmicLabs](https://karmiclabs.com/) - [#37946](https://gitlab.com/gitlab-org/gitlab-ce/issues/37946) - [Vishwaraj](https://twitter.com/vishwaraj101) - [#13482](https://gitlab.com/gitlab-org/gitlab-ce/issues/13482) - [Josh Unger](https://gitlab.com/joshunger) - [#38267](https://gitlab.com/gitlab-org/gitlab-ce/issues/38267) - [Eric Rafaloff](https://ericrafaloff.com/) - [#37715](https://gitlab.com/gitlab-org/gitlab-ce/issues/37715) - [Zimmer](https://twitter.com/TEAM_P_TE) - [#34259](https://gitlab.com/gitlab-org/gitlab-ce/issues/34259) - [Corb3nik](https://twitter.com/corb3nik) - [#29655](https://gitlab.com/gitlab-org/gitlab-ce/issues/29655) - [Victor Häggqvist](https://victorhaggqvist.com) - [#32059](https://gitlab.com/gitlab-org/gitlab-ce/issues/32059) - [Matthias Burtscher](https://gitlab.com/mburtscher) - [#36679](https://gitlab.com/gitlab-org/gitlab-ce/issues/36679) - [Hugo Geoffroy](https://gitlab.com/pstch) - [#34910](https://gitlab.com/gitlab-org/gitlab-ce/issues/34910) - [Sylvain Heiniger](https://compass-security.com/) - [#40706](https://gitlab.com/gitlab-org/gitlab-ce/issues/40706) - [Mohammad Hasbini](https://gitlab.com/0xbsec) - [#30663](https://gitlab.com/gitlab-org/gitlab-ce/issues/30663) ## 2016 - Hussain Adnan Hashim - [@Hussain_infosec](https://www.facebook.com/profile.php?id=100004366368341) - Jérémy Chatard - [@jchatard](https://twitter.com/jchatard) - Justin Gerhardt - Vishwaraj Bhattrai - [@vishwaraj101](https://twitter.com/vishwaraj101) - [Anirudh Anand](https://hackerone.com/a0xnirudh) - [0daylabs](https://www.0daylabs.com/) - [#13625](https://gitlab.com/gitlab-org/gitlab-ce/issues/13625) - [#15331](https://gitlab.com/gitlab-org/gitlab-ce/issues/15331) - [#17299](https://gitlab.com/gitlab-org/gitlab-ce/issues/17299) - Patrick Fiedler - [#14607](https://gitlab.com/gitlab-org/gitlab-ce/issues/14607) - [#23548](https://gitlab.com/gitlab-org/gitlab-ce/issues/23548) - [Jobert Abma](https://twitter.com/jobertabma) - [HackerOne](https://hackerone.com/jobert) - [#14898](https://gitlab.com/gitlab-org/gitlab-ce/issues/14898) - [#14900](https://gitlab.com/gitlab-org/gitlab-ce/issues/14900) - [#15437](https://gitlab.com/gitlab-org/gitlab-ce/issues/15437) - [#15439](https://gitlab.com/gitlab-org/gitlab-ce/issues/15439) - [#15576](https://gitlab.com/gitlab-org/gitlab-ce/issues/15576) - [#15577](https://gitlab.com/gitlab-org/gitlab-ce/issues/15577) - [#15579](https://gitlab.com/gitlab-org/gitlab-ce/issues/15579) - [#15580](https://gitlab.com/gitlab-org/gitlab-ce/issues/15580) - [#15591](https://gitlab.com/gitlab-org/gitlab-ce/issues/15591) - [#17298](https://gitlab.com/gitlab-org/gitlab-ce/issues/17298) - [#20802](https://gitlab.com/gitlab-org/gitlab-ce/issues/20802) - [#20974](https://gitlab.com/gitlab-org/gitlab-ce/issues/20974) - [#21167](https://gitlab.com/gitlab-org/gitlab-ce/issues/21167) - [#23822](https://gitlab.com/gitlab-org/gitlab-ce/issues/23822) - [#25064](https://gitlab.com/gitlab-org/gitlab-ce/issues/25064) - Teun Beijers - [#15126](https://gitlab.com/gitlab-org/gitlab-ce/issues/15126) - [#15434](https://gitlab.com/gitlab-org/gitlab-ce/issues/15434) - [#18997](https://gitlab.com/gitlab-org/gitlab-ce/issues/18997) - [RonMurz](https://hackerone.com/ronmurz) - [#15389](https://gitlab.com/gitlab-org/gitlab-ce/issues/15389) - Gearlles Ferreira - [#15522](https://gitlab.com/gitlab-org/gitlab-ce/issues/15522) - [Mustafa Hasan](https://twitter.com/strukt93) - [#17243](https://gitlab.com/gitlab-org/gitlab-ce/issues/17243) - [Bharanidharan R.](https://www.linkedin.com/in/bharanidharanceh) - [www-gitlab-com#667](https://gitlab.com/gitlab-com/www-gitlab-com/issues/667) - [Vishwaraj Bhattrai](https://hackerone.com/vraj) - [#17249](https://gitlab.com/gitlab-org/gitlab-ce/issues/17249) - [Madhu Akula](http://twitter.com/madhuakula) - [Appsecco](http://appsecco.com) - [#18188](https://gitlab.com/gitlab-org/gitlab-ce/issues/18188) - [Colin Dean](https://hackerone.com/colindean) - [#19102](https://gitlab.com/gitlab-org/gitlab-ce/issues/19102) - Ron Arts - [#18033](https://gitlab.com/gitlab-org/gitlab-ce/issues/18033) - Niels Keurentjes - [#19312](https://gitlab.com/gitlab-org/gitlab-ce/issues/19312) - [Dylan Katz](https://dylankatz.com) - [#21017](https://gitlab.com/gitlab-org/gitlab-ce/issues/21017) - [Skylar Kelty](https://hackerone.com/skylarkelty) - [#21457](https://gitlab.com/gitlab-org/gitlab-ce/issues/21457) - Christian Bönning - [gitlab-ee#1046](https://gitlab.com/gitlab-org/gitlab-ee/issues/1046) - [Pete Yaworski](https://twitter.com/yaworsk) - [#19799](https://gitlab.com/gitlab-org/gitlab-ce/issues/19799) - [Mohamed Ebrahem](https://www.facebook.com/PSX0S404) - [#23153](https://gitlab.com/gitlab-org/gitlab-ce/issues/23153) - [Frans Rosén](https://hackerone.com/fransrosen) - [HackerOne#174983](https://hackerone.com/reports/174983) - [Kristiyan Bogdanov](https://www.linkedin.com/in/kristiyan-bogdanov-86641a60) - [#25249](https://gitlab.com/gitlab-org/gitlab-ce/issues/25249) ## 2015 - Kamil Trzciński - [Polidea](http://www.polidea.com/) - [Nithish Varghese](https://www.facebook.com/nithish.varghese) - Mohamed Abdelbaset Elnoby, Senior Information Security Analyst at Seekurity.com - Artem Chistyakov - [@artemchistyakov](https://twitter.com/artemchistyakov) - [Ciro Santilli](http://www.cirosantilli.com/) - [C Vishnu Vardhan Reddy](https://www.facebook.com/vishnu.dfx) - [Sane Sindhuja Reddy](https://www.facebook.com/sindhuja.reddy.137) - [Muhammad Shahzaib](http://www.facebook.com/shazaib.malik.56) - [Ben khlifa Fahmi](https://twitter.com/benkhlifa_fahmi) [(Tunisian Whitehats Security)](http://benkhlifa.com/) - [Shawar Khan](https://www.facebook.com/shawarkhanskofficial) ## 2014 - [Wesecureapp](http://wesecureapp.com) - Hugh Davenport - [All The Things Ltd](http://allthethings.co.nz) - Frans Rosén - [https://detectify.com](https://detectify.com) - Mika Mäenpää, Department of Pervasive Computing @ Tampere. University of Technology - Filippos Mastrogiannis - [LinkedIn](https://www.linkedin.com/pub/filippos-mastrogiannis/68/132/177) - Mazen Gamal Mesbah - [@MazenGamal](https://twitter.com/mazengamal) - Evan Ricafort - [www.evanricafort.com](http://www.evanricafort.com) - ChenQin, Network and Information Security Lab @ Tsinghua University - Simone Memoli - [@Simon90_Italy](https://twitter.com/Simon90_Italy) - Muhammad Talha Khan - [facebook.com/mtk911](https://www.facebook.com/mtk911) - Nakul Mohan - [@Anonymous_India](https://twitter.com/Nakul_Mohan_Cia) - Hardik Tailor - [@iamhardiktailor](https://twitter.com/iamhardiktailor) - Sergio Galán - [@NaxoneZ](https://twitter.com/NaxoneZ) - Anurag Giri - [facebook.com/Surgent10cross](https://www.facebook.com/Surgent10cross) - Shahee Mirza - [@shaheemirza](https://twitter.com/shaheemirza) - Wyatt J. Brown - Jakub Zoczek - [Blog](http://zoczus.blogspot.com) - Ben Campbell of MWR InfoSecurity - [labs.mwrinfosecurity.com](https://labs.mwrinfosecurity.com) ## 2011 - 2013 - Yuji Kosuga - [@yujikosuga](https://twitter.com/yujikosuga) - M.R.Vignesh Kumar - [@vigneshkumarmr](https://twitter.com/vigneshkumarmr) - [Ajay Singh Negi](http://computersecuritywithethicalhacking.blogspot.in/) - [@AjaySinghNegi](https://twitter.com/ajaysinghnegi) - Krutarth Shukla - [@Krutarth Shukla](https://twitter.com/KrutarthShukla) - [Shashank](http://www.freemium-devils.in/) - [@cyberboyIndia](https://twitter.com/cyberboyIndia) - Atulkumar Hariba Shedage - Rafay Baloch - [http://rafayhackingarticles.net](http://rafayhackingarticles.net/) - Himanshu Kumar Das - [@mehimansu](https://twitter.com/mehimansu) - Ali Hasan Ghauri - [http://alihassanpenetrationtester.blogspot.com/](http://alihassanpenetrationtester.blogspot.com/) - Remy van Elst - [https://raymii.org](https://raymii.org/) - Chiragh Dewan - [@ChiraghDewan](https://twitter.com/ChiraghDewan) - Emanuel Bronshtein - [@e3amn2l](https://twitter.com/e3amn2l) - Kamil Sevi - [@kamilsevi](https://twitter.com/kamilsevi) - [Guifré Ruiz Utgés](https://linkedin.com/in/guifre) - Ricardo Sateler - [@rsateler](https://twitter.com/rsateler) - Tejash Patel - [http://www.backtracktutorial.com](http://www.backtracktutorial.com/) - Adam Ziaja - [http://adamziaja.com](http://adamziaja.com/) - Frans Rosén - [https://detectify.com](https://detectify.com/) - Ehraz Ahmed - [@securityexe](https://twitter.com/securityexe) - [Muhammad Mujtaba](http://www.twitter.com/mushti) - [BugSheet](http://www.bugsheet.com) - [Narendra Bhati(R00t Sh3ll)](https://twitter.com/imnarendrabhati) - Cyber Octet Pvt. Ltd. - NITESH SHILPKAR - [@NiteshShilpkar](https://twitter.com/NiteshShilpkar) - [Mayank Bhatodra](https://www.facebook.com/iamyourfri3nd) - Joe DeMesy - [Bishop Fox](http://www.bishopfox.com/) - Osanda Malith Jayathissa - [@OsandaMalith](https://twitter.com/OsandaMalith) - Manish Bhattacharya - [http://manishbhattacharya.com](http://manishbhattacharya.com) - [Saurabh Chandrakant Nemade](https://www.facebook.com/saurabh.nemade) - Pradeep - [@_IND3C0D3](https://twitter.com/_IND3C0D3) - Pralhad Chaskar - [@c0d3xpl0it](https://twitter.com/c0d3xpl0it) - Devesh Bhatt - [@deveshbhatt11](https://twitter.com/deveshbhatt11) - [Daksh Patel](https://facebook.com/dakshxss) - Ketankumar B. Godhani - [@KBGodhani](https://twitter.com/KBGodhani) - Mukesh Dhama and Rishiraj Sharma - joernchen of [Phenoelit](http://www.phenoelit.de/) - Nigel Kukard - [http://www.allworldit.com](http://www.allworldit.com) - Sahil Saif - [@bewithsahilsaif](https://twitter.com/bewithsahilsaif) - Matthew DeTullio - [http://www.linkedin.com/in/mjdetullio](http://www.linkedin.com/in/mjdetullio) - Abdullah Hussam Gazi - [@Abdulahhusam](https://twitter.com/Abdulahhusam) - Agastya Rudroj - Jay Turla of HP Fortify