Security Researcher Hall of Fame

We maintain a Security Researcher Hall of Fame to thank individuals who have discovered medium or high vulnerabilities and worked with us to resolve them.

Maara JilekMay 5, 2020
Wafa AbbasFeb. 8, 2019
Akaash Mukesh SharmaSept. 26, 2017
Piyush kumarSept. 20, 2017
Yeasir ArafatSept. 15, 2017
Markus SchirpJan. 7, 2016
Jason MarmonDec. 15, 2014
Kevin McCarthyApril 7, 2014
Ashishkumar B. DhadukMarch 26, 2014
Scott GlossopMarch 26, 2014
Nitesh Kumar ShilpkarMarch 25, 2014
Rodolfo Godalle, Jr.March 15, 2014
Anirban SinghaSept. 26, 2017
Harry M. GertosSept. 20, 2017
Pal PatelJune 21, 2017
Danyal ZafarAug. 8, 2015
Aditya AgrawalApril 7, 2014
J.M. GazzalyMarch 27, 2014
Muhammad Talha KhanMarch 26, 2014
S. VenkateshMarch 26, 2014
Osanda Malith JayathissaMarch 21, 2014
Jayvardhan SinghFeb. 3, 2014

To be included on this list, responsibly disclose a security report to us, and provide adequate time to fix the issue. We'd be happy to link to your professional website and/or send you CircleCI swag.

Have a security concern about CircleCI?

We're confident in our implementation around matters such as cryptomining, email spoofing, and DKIM records. However, here are some issues we would be excited to hear about:

  • Injection vulnerabilities
  • Authentication or session problems
  • Improper access to sensitive data
  • Broken access controls
  • Cross-site scripting
  • Anything from the OWASP Top 10 Project

Upon discovering a vulnerability, we ask that you act in a way to protect our users' data:

  • Inform us as soon as possible.
  • Test against fake data and accounts, not our users' private data (please ask if you'd like a free account to work on this).
  • Work with us to close the vulnerability before disclosing it to others.

Report your security concerns to CircleCI.

If you are reporting a sensitive issue, please encrypt your message using our security team's GPG key (ID: 0x4013DDA7, fingerprint: 3CD2 A48F 2071 61C0 B9B7 1AE2 6170 15B8 4013 DDA7)


Thank You for Submitting Your Info

You should receive an automated response notifying you that we received your info. Someone from our Enterprise team will be reaching out to you shortly.

CircleCI Success Logo