Security Disclosure Program

Owned by Ben Derr
Nov 13, 2023
1 min read

Tidepool operates a security disclosure program to help external users report bugs and reward open source security researchers for their independent efforts reviewing our code and application. To date, we have had over 45 valid and well-documented bugs reported and many have been prioritized and fixed.

Search this space

We are grateful for the transparency and additional eyes that are brought to bear on our application. One of the cited strengths of Open Source code has always been Eric S. Raymond’s Linus’s Law, which reads:

"given enough eyeballs, all bugs are shallow".

- Linus's law

While this theory has been argued due to lack of evidence and the acknowledgement that the number of bugs reported does not scale to the number of security reviewers available, there is still no question that there is benefit to providing access to source code not only for collaboration and development but security visibility and transparency. Tidepool believes that open works better than closed in security, and that security-by-obscurity is no security at all.

Tidepool wishes to recognize and thank the following researchers who have reported well-documented application bugs, security concerns, software or infrastructure misconfigurations that could present a risk to Tidepool organization and application security.

All of the following researchers have been provided bug bounties for their work.

Tidepool Security Hall of Fame (HoF)

Security Researcher

Date(s)

Security Researcher

Date(s)

1

Tarun Garg
https://www.linkedin.com/in/tarun-garg-892807165/

2021-09-21

2

Ronak Nahar
https://www.linkedin.com/in/naharronak/

2020-01-21
2020-01-30

3

Nithish M. Varghese
https://www.breachlock.com

2017-04-11

4

Agrah Jain

2020-03-31

5

Naveen Roy

2020-04-06

6

Sathyavathi Ramesh

2020-04-16

7

Janmejaya Swain

2020-04-14
2020-04-18
2020-04-22
2020-04-27
2020-06-12

8

Dhanu Maalaian

2020-05-27

9

sagar banwa

2020-06-06

10

Hemant Patidar
https://www.linkedin.com/in/hemantsolo/

2020-06-15

11

amateur_2light
https://www.linkedin.com/in/kirankumar-subuddi-395376147

2020-06-24

12

Dheeraj Madhukar

2020-06-24
2020-08-10
2020-11-09

13

Susantoso Hasan

2020-11-17

14

Shubham Panchal

2020-12-08

15

Vasanth GN
https://www.linkedin.com/in/vasanth-gn-3163a155

2021-01-06

16

Janmejaya Swain
https://www.linkedin.com/in/janmejayaswainofficial

2021-01-11

17

Ankit Jeetendra Bhanushali 

https://www.linkedin.com/in/ankit-bhanushali-25b341152

2021-02-08
2021-02-21
2020-05-14

18

Naveen Kumar

2021-03-29

19

Nitin Gloplani

2017-05-04

20

Saroosh Naz
https://twitter.com/WhootG

2017-05-17

21

Shivam Kumar Agarwal

2017-04-13

22

Vicky Vk

2017-04-24

23

Irtaza Shaikh

2017-08-04
2019-09-11

24

Areeb Tahir
https://www.securesiz.com

2017-08-21

25

waqar vicky

2018-05-18
2018-05-21

26

Ali Razzaq

2018-07-24

27

Shuaib Oladigbolu

2018-07-26
2018-07-31

28

Surendra Tiwari

2019-01-20

29

Pethuraj M
https://www.pethuraj.com/

2019-02-26

30

Ashish Kunwar

2019-03-13
2019-03-31

31

sajan Mishra

2019-09-18

32

Hacker Ahmed

2019-09-20

33

Ketan Madhukar Mukane

2019-09-23

34

Tarun Mahour - Abhaychandra Chede

2019-11-30

 

The content of the Tidepool Technical Documentation is licensed under a Creative Commons CC0 1.0 Universal (CC0 1.0) Public Domain Dedication.