INDEPENDENT SECURITY RESEARCHER·BUG BOUNTY·CVE AUTHOR

Defense in depth or defense in death.

CVE
46
CVEs assigned
BUGS
46+
Bugs reported
ORG
25+
Organizations
PAT
1
Awarded patent
(all of this worked on my machine.)
Trusted research across the industry
// 00.5
RECOGNITIONS

Acknowledged by world-class security teams

CERN, Kaspersky, U.S. Department of Defense, OWASP, Bitdefender, DSCI
CERN · European Organization for Nuclear Research

Computer Security Kudos Page

CERN runs the Large Hadron Collider (the world's largest particle accelerator) and much of the open-source scientific software it publishes (ROOT for data analysis, Geant4 for particle simulation, Delphes for detector simulation) is used across high-energy physics, NASA and ESA space missions, and hospital radiotherapy planning. I reported critical vulnerabilities in ROOT and the first CVE ever assigned in Geant4's history; the CERN Computer Security Team added my name to their public Kudos page.

2026
View on CERN Kudos →
Kaspersky · Neuromorphic Platform PSIRT

Vulnerability Acknowledgments

Kaspersky's PSIRT runs a coordinated-disclosure program that publicly credits external researchers. My reports targeted the Kaspersky Neuromorphic Platform (their open-source framework for running brain-inspired spiking neural networks on specialised AI inference hardware) where I found memory-safety issues in the FlatBuffers + ZMQ communication layer. Kaspersky acknowledged the findings in their Security Researcher Acknowledgements bulletin.

2026
View on Kaspersky →
DSCI · Data Security Council of India

Letter of Appreciation

DSCI is India's national cybersecurity council, established by NASSCOM and backed by the Indian government. It operates the national Threat Intelligence Platform used to monitor cyber threats against India's critical infrastructure. I discovered three vulnerabilities in the platform, including unauthenticated access to configuration data and full source code exposure, all patched. DSCI's CEO Vinayak Godse issued a Letter of Appreciation for the responsible disclosure.

2026
Letter of Appreciation →
OWASP CERVANTES · Official OWASP Project

2 Letters of Recognition

OWASP Cervantes is an official project under the Open Web Application Security Project, the leading non-profit dedicated to web application security. Grayback is its vulnerability disclosure platform. I reported two web vulnerabilities through the VDP program: a stored Cross-Site Scripting that persisted JavaScript on the application, and a Server-Side Template Injection that allowed expressions to be evaluated on the server. Both findings were acknowledged with individual Letters of Recognition signed by Ruben Mesquida, OWASP Project Leader.

2026
Letter of Recognition (XSS) → Letter of Recognition (SSTI) →
U.S. DEPARTMENT OF DEFENSE · Vulnerability Disclosure Program

Recognized by the U.S. Department of Defense

The U.S. Department of Defense runs one of the largest vulnerability disclosure programs in the world, coordinated by the Defense Cyber Crime Center (DC3) on HackerOne. I submitted a vulnerability report that was triaged and resolved by the DoD security team, earning the Insecticide and Good Samaritan platform badges.

2026
HackerOne report (resolved) →
BITDEFENDER · Bug Bounty Hall of Fame

Bitdefender Bug Bounty Hall of Fame

Bitdefender is a global cybersecurity company. I reported two out-of-bounds write vulnerabilities in Napoca, their open-source bare-metal hypervisor, both reachable from a guest virtual machine. Bitdefender assigned two CVEs and listed me in their public Bug Bounty Hall of Fame.

2026
View Hall of Fame →
// 01
VULNERABILITY DISCLOSURES

46 CVEs, publicly disclosed.

Across 23 targets, ordered by severity
// 02
VENDOR-CONFIRMED

Findings confirmed by vendors

10+ confirmations · CVE pending, fix shipped, or acknowledged
// 03
METHODOLOGY

Where the bugs live

by language · bug class · domain · tooling
Source Language
where the bugs live
Bug Class
memory safety dominates
Domain / Platform
where the code runs
Tooling & Techniques
how I found them
// 04
INNOVATION

Patent & other contributions