Security Hall of Fame

The people listed here have, in one way or another, discovered a security vulnerability in my software or my infrastructure, and reported it to me. As a token of gratitude for their responsible and prompt disclosure, they are featured on this page. Hopefully, this list stays short.

2025

@plate - discovered that I left debug information in my CI workflow that automatically deployed updates to my website, leaking an SSH private key that granted limited access to my ingress. Honourable mention to @nyx for threatening to replace my site with a rickroll while I was invalidating the key, which I thought was pretty funny. (2025-04-22)

2025#

2025