We would like to recognize the following individuals for making significant contributions to SimpleRisk:

SimpleRisk Core

  • Dr. Christian de Lamboy - Performed translations for the German version.
  • Ben Allen - Static analysis of SimpleRisk.
  • Carlos Salazar and Fernando Garcia - Performed translations for the Spanish version.
  • Robson Dobzinski Marques Jr. - Helped to get internationalization set up and performed translations for the Portuguese version.
  • Karthik Gaekwad - Helped with some of the CSS, especially on the project prioritization page.
  • Ryan Dewhurst - Responsible disclosure of an HTML injection vulnerability that allowed us to have a new version released before the CVE was even issued.
  • Mo Li & Xilin Wang - Analysis of advanced reporting features for SimpleRisk and contributions to the Dynamic Risk Report.
  • Jim Manico - Helping to make the SimpleRisk code bullet-proof against web application vulnerabilities.
  • Jeff Holden - Added code in upgrade script to handle "grant all" permissions for database users.
  • Matthew Frick - Created instructions for proper setup of SimpleRisk using SELinux.
  • N.J. Ouchin - Creation of vFeed tool which provides the CVE lookup automation for SimpleRisk.
  • Jim Cusick - Provided the Nginx configuration for the SimpleRisk API.
  • James Whittlesea - Provided the IIS configuration for the SimpleRisk API.
  • Gjoko Krstic - Responsible disclosure of two XSS vulnerabilities.
  • Mohamed A. Baset - Responsible disclosure of an XSS vulnerability.
  • San Thosh - Responsible disclosure of an XSS vulnerability.
  • Samet Sahin - Responsible disclosure of an XSS vulnerability.
  • Nick Moore - Code contribution for handling same min and max asset values, handling PHP configuration limits for file uploads, and updates to the Dynamic Risk Report.
  • Milo VanDerLinden - Notification of a wrong version number being included in the 20180830-001 database schema.  Fix for empty approximate time when creating an audit test.  Conversion of various static text to use the language file.  Dutch language translations.

SimpleRisk Websites

  • Sajibe Kanti - Recommendation to enable Strict Transport Security headers on the SimpleRisk website.
  • Steven Hampton - Recommendation to enable X-XSS-Protection headers on the SimpleRisk website.
  • Mohammed Israil - Recommendation to set a maxlength value on the Contact Us form on the SimpleRisk website.
  • Pethuraj M - Notification of Apache version information being included on an error page on updates.simplerisk.com.
  • Lacroute Serge - Responsible disclosure of an XSS vulnerability affecting a couple of web forms.
  • Guhan Raja - Responsible disclosure of an XSS vulnerability affecting a web form.
  • Karthik K - Notification of Apache version information being sent in headers on demo.simplerisk.com.
  • Prathamesh Joshi - Notification of Apache version information being included on a SimpleRisk sub-domain.
  • Vipul Dwivedi - Notification of a publicly accessible web.config file.
  • Vipul Dwivedi, Nikhil Ahire & Shivam Srivastava - Suggestion to add an SPF record for the simplerisk.com domain.
  • Kamran Saifullah - Notification of a user enumeration issue and recommendation to lock down the login form on simplerisk.com.
  • Md. Nur A Alam Dipu - Notification of an information disclosure vulnerability resulting from a full disk on the simplerisk.com web server.
  • Mohammed Israil - Notification of a setting allowing any GitHub user to publish a wiki page under the SimpleRisk GitHub repositories.