We would like to recognize the following individuals for making significant contributions to SimpleRisk:

SimpleRisk Core

  • Dr. Christian de Lamboy - Performed translations for the German version.
  • Ben Allen - Static analysis of SimpleRisk.
  • Carlos Salazar and Fernando Garcia - Performed translations for the Spanish version.
  • Robson Dobzinski Marques Jr. - Helped to get internationalization set up and performed translations for the Portuguese version.
  • Karthik Gaekwad - Helped with some of the CSS, especially on the project prioritization page.
  • Ryan Dewhurst - Responsible disclosure of an HTML injection vulnerability that allowed us to have a new version released before the CVE was even issued.
  • Mo Li & Xilin Wang - Analysis of advanced reporting features for SimpleRisk and contributions to the Dynamic Risk Report.
  • Jim Manico - Helping to make the SimpleRisk code bullet-proof from web application vulnerabilities.
  • Jeff Holden - Added code in the upgrade script to handle "grant all" permissions for database users.
  • Matthew Frick - Created instructions for proper setup of SimpleRisk using SELinux.
  • N.J. Ouchin - Creation of the vFeed tool, which provides the CVE lookup automation for SimpleRisk.
  • Jim Cusick - Provided the Nginx configuration for the SimpleRisk API.
  • James Whittlesea - Provided the IIS configuration for the SimpleRisk API.
  • Gjoko Krstic - Responsible disclosure of two XSS vulnerabilities.
  • Mohamed A. Baset - Responsible disclosure of an XSS vulnerability.
  • San Thosh - Responsible disclosure of an XSS vulnerability.
  • Samet Sahin - Responsible disclosure of an XSS vulnerability.
  • Nick Moore - Code contribution for handling same min and max asset values, handling PHP configuration limits for file uploads, and updates to the Dynamic Risk Report.

SimpleRisk Websites

  • Sajibe Kanti - Recommendation to enable Strict Transport Security headers on the SimpleRisk website.
  • Steven Hampton - Recommendation to enable X-XSS-Protection headers on the SimpleRisk website.
  • Mohammed Israil - Recommendation to set a maxlength value on the Contact Us form on the SimpleRisk website.
  • Pethuraj M - Notification of Apache version information being included on an error page on updates.simplerisk.com.
  • Lacroute Serge - Responsible disclosure of an XSS vulnerability affecting a couple of web forms.
  • Guhan Raja - Responsible disclosure of an XSS vulnerability affecting a web form.
  • Karthik K - Notification of Apache version information being sent in headers on demo.simplerisk.com.
  • Prathamesh Joshi - Notification of Apache version information being included on a SimpleRisk sub-domain.
  • Vipul Dwivedi - Notification of a publicly accessible web.config file.