List of security contributors

Thank you and H5YR for making Umbraco safer 🙌

We regularly get reports about security issues in Umbraco and appreciate those very much, we'd like to thank the following people for their amazing efforts in making Umbraco more secure:

• João Mendes - Devoteam Cyber Trust, Portugal
• Arne Hildrum - NTNU university Gjøvik
• Kristian Eriksen - NTNU university Gjøvik
• Erik Hansen-Tangen Breien - NTNU university Gjøvik
• Ahmed Hazem - Cyshield
• Ivan Valadares
• Pratik Patil - NetSPI
• Kira
• Michal Biesiada
• Tarik Essadki
• Duong Phamm
• David Armitage - Recsite Design
• David Taylor - Core Vision
• Bogdan Kosarevskyi, Andrey Karandashov, and Dmytro Minaev - UKAD
• Marcin Węgłowski and Mariusz Popławski - AFINE Team
• Jeffrey Schoemaker - Perplex Internetmarketing
• Kai Stimpson - Perspective Risk Ltd
• Josh Grossman - Comsec Global Consulting
• Steve Smith - BMT Group Ltd
• Martial Puygrenier - NES Cyber Security Experts
• Christian Bruun
• Frederik Raabye - Dubex A/S
• Grégory Draperi
• Ronald Barendse - Panorama Studios
• Steven Harland - Quorum Cyber
• Boik Su 
• Abhishek Karle
• Jonathan Yarema – Trustwave
• Shofe Miraz - CyberCX
• Christoph Kim - Born Digital
• Gary O’Leary-Steele - AppCheck Ltd
• Hesham Mahmoud
• Pontus Andersson
• Raphael Silva - checkmarx
• Patrik Jezierski - QESTIT
• Joshua Nibbs - Aura Information Security
• Bram Heijmink - Proud Nerds

And thanks to the following people for pointing out configuration errors on some of our own properties:

• Shwetabh Suman
• Srishail Racharla
• Vasim Shaikh
• Suyog Palav
• Pal Patel
• Md. Nur A Alam Dipu
• Sameer Phad
• Danish Tariq
• Mustafa Diaa
• Ketan Madhukar Mukane
• Hafiz Muhammad Farhan
• Umar Ahmed 
• Anurag Muley
• Yash Agarwal
• Vivek Panday
• Hemant Patidar
• Akhil Sabu
• Hitesh Paliya
• Irshad Ahamed
• Gourab Sadhukhan
• Subhamoy Guha
• Badal Sardhara
• Adrian Gigliotti
• Qazi Abdullah Alam
• Prathamesh Surekha Prakash Pawar
• Tameem Khalid
• Deepak Dhiman

External companies reporting and supporting us in fixing security issues:

• SEC Consult Unternehmensberatung GmbH.
• KraftWerk technologies GmbH 
• Tenable - view report
  • Conclusion: All reported issues are identified as medium risk without any identified exploitations and have been resolved in collaboration with the reporter.

Note: we include only people in this list who bring us actionable items. Sending us results of automated scans is usually not helpful and won't automatically qualify you for a credit. Additionally, we only credit the first person who points out a problem that we can fix. Consecutive reports of the same issue will not be credited. if you want to know how best to report a security vulnerability in Umbraco, please follow the official guideline.