Security Researcher Appreciation Page

craigslist would like to thank the following security researchers who have helped make craigslist safer by finding and responsibly disclosing security issues.

To be eligible for this list, you must be the first person to responsibly disclose a valid issue and allow us a reasonable amount of time to address the issue before public disclosure.

Please report such issues through our security contact form.

When reporting an issue, please let us know if you would like your disclosure to be considered for public acknowledgement.

 Security Researcher [Issue Type] - Date

• Robert Villalon (@robd4k) [XSS] - Oct 2016
  
• Idomin (swehack.org) [XSS] - Aug 2016
• Huzaifa Tahir [XSS] - Jun 2016
• Arjun V [XSS] - May 2016
• Daniel Bakker [CRLF / Header Injection] - Mar 2016
• Sarwar Jahan [Clickjacking] - Dec 2015
• Egor Homakov [XSS] - Mar 2015
• xsscrapy (openbugbounty.org) [XSS] - Sep 2014
• Nethanel Gelernter [XSS] - Jul 2014
• Mike Felch [Potential RCE] - Jun 2014
• Chip Thien [XSS] - Feb 2014