Based on GitLab’s bug bounty program reports from recent years, here are some of the most notable bug hunters who have made significant contributions:
- mateuszek: Recognized for submitting the most valid reports in 2023, with a total of 26.
- js_noob: A newcomer in 2023 who made 19 valid reports, earning recognition for their impactful contributions.
- yvvdwf: Celebrated for consistently providing well-written reports, earning the “Best Written Reports” accolade for two consecutive years (2022 and 2023).
- joaxcar: Acknowledged for submitting the most valid reports (22) in 2022 and for innovative findings, including a novel local git read vulnerability.
- albatraoz: A newcomer in 2022 who made seven valid and resolved reports, demonstrating significant potential.
- vakzz: Recognized in 2022 for innovative reports, including a novel local git read vulnerability.
- taraszelyk: Honored for submitting impactful findings in 2022, particularly back-to-back information disclosure submissions that led to significant security improvements.
- pwnie: In 2023, discovered an arbitrary file read vulnerability with a CVSS score of 10, highlighting the critical nature of the finding.

These researchers have played pivotal roles in enhancing GitLab’s security through their diligent bug hunting efforts.
For deeper insight into the experiences of one of these top contributors, you might find the following links informative:
- https://x.com/joaxcar/status/1699863367706415188
- https://x.com/gregxsunday/status/1876999129978544375
- https://www.youtube.com/live/3LF8fpAX6Xk
- https://www.youtube.com/watch?v=Env8L2SlayM&ab_channel=CriticalThinking-BugBountyPodcast
- https://www.youtube.com/live/kw168DGAILk
- https://hackerone.com/gitlab/thanks?type=team