Our team appreciates the work of security researchers and their efforts to
keep our community safe. We want to promote responsible disclosure of security
vulnerabilities and provide a means for you to share information with us.
We've created this page to discuss this.
Responsible disclosure includes:
Giving Gliph a reasonable amount of time to fix an issue before you publish it.
Making a good faith effort to avoid privacy violations, the destruction of data or interruption of service.
If you follow these rules, we will not bring a lawsuit against you or involve
a law enforcement agency. We'll thank you.
We are at the start of our responsible disclosure program. At this time, we
are offering to publish the names of, and link out to, whitehats who have helped
Gliph realize and fix security bugs. At some point in the future, we may
retroactively reward all whitehats. We may also institute an official bounty
program at any time.
This list is not necessarily complete. We evaluate all reports on a case-by-
Denial of Service vulnerabilities
Spam or Social Engineering techniques
Non-security related bugs
Issues related to WordPress
You can disclose a vulnerability by emailing email@example.com. We will do our
best to respond as quickly as possible. You may also report it directly to the
In your disclosure, please include a description and potential impact, steps
to reproduce the issue or a proof of concept, and a name and link for
attribution (if desired).
Thank you for helping us keep the Gliph community safe!
Anand Prakash (@sehacure)
Danijel Maksimović (@Maxon3)
Ajay Singh Negi (@AjaySinghNegi)
Priyal Viroja (LinkedIn)
Frans Rosén (@detectify)
Ehraz Ahmed (@securityexe)
Krutarth Shukla (@KrutarthShukla)
Andrei Miu (@bibz0r)
Sahil Saif (@bewithsahilsaif)
Mukesh Dhama (Facebook)
Hielke de Vries (LinkedIn)
Jay Turla of HP Fortify (@shipcod3)
Ketan Sirigiri (@Cigniti)
Owais Mehtab (LinkedIn)
S. Venkatesh (@pranavvenkats)
Evan Ricafort (Homepage)
Nithish Varghese (Facebook)
Vikas Kumar (@vikasraj225)
Note: This list consists of bug reports of a significant nature. It is not
covered by our responsible disclosure policy and names are included at our
Sunil Dadhich (@Sunil_Dadhich7)
Anand Sundar Tiwari (@anandtiwarics)
Harsha Vardhan Boppana (@hvboppana)
J Muhammed Gazzaly (@gazly)
This program was crawled on 2015-06-30 and is sorted as bounty.