Home
Global
Global
Home
Global

Responsible Disclosure Statement

BASF investigates all reports of security vulnerabilities affecting BASF web presence. If you are a security researcher and believe you have found a security vulnerability, please send an e-mail to us at BASF Responsible Disclosure.

Our guidelines

  • Give us enough details to reproduce the vulnerability
  • Allow us a reasonable amount of time to fix the vulnerability before making any information public
  • Avoid data deletion, unauthorized data access, and service disruption while testing the vulnerability you found
  • Do not ask for compensation for your report
     

Our commitment

  • We will let you know when we received your report
  • We will give you an estimate of how long the fix will take
  • We will tell you when we have fixed the vulnerability
     

Our thanks

If your vulnerability report is valid and you would like to be recognized for your contribution, we will gladly add you to our “Heroes of BASF” list, by name or anonymously. We will only add you to our “Heroes of BASF” list, if this is explicitly requested by you.

 

Heroes of BASF

The following researchers have helped us identify and fix vulnerabilities. Thanks to all!

July - Dec 2023

Ereshwari Valmik  LinkedIn

Mohan Kumar N  LinkedIn

Kauê Navarro      LinkedIn

Abdul Samad    LinkedIn

Clandestine    Twitter

Takshal Patel

Tirth A Patel

Navreet S.   LinkedIn

aoxsin    @aoxsin

Oday Ahmed

Shivam Sharma   LinkedIn

Prince Kumar  LinkedIn

Adrian Tirado Garcia  LinkedIn

Tabassum Saif

Sachin Paraddy

Miguel Segovia Gil   LinkedIn

Gaurang Maheta   LinkedIn

Immanuel Willi   LinkedIn

M K Rahul Rao/Bugboy07   LinkedIn

Nikhil Kumar A/SpiritBoy   LinkedIn

Saad Ibna Hossain

Jan - June 2023

nhiephon Twitter

Husain and Mansoor  E-Mail

Biswajeet Ray

Mridul Vohra LinkedIn

Amit Kumar Biswas Twitter

Sanjay Singh 

Rohit Sharma  LinkedIn

ahmad alassaf

Ereshwari Valmik

Sumeet Baa  Twitter

Satyam Singh  LinkedIn

Mukund Bhuva  LinkedIn

Karimul Islam Shezan  Twitter

Satyam Shinde  LinkedIn

Ayansh Sinha  LinkedIn

 

Azad Meena  LinkedIn

Durvesh Kolhe  LinkedIn

Umang Bawaria  LinkedIn

Aman Verma 

Nirjhar Banik  LinkedIn

Rishabh Gupta  LinkedIn

Dida Arda

Abhijith A  LinkedIn

Abdul Samad  LinkedIn

Dzmitry Smaliak

Yash Kushwah  LinkedIn

Amiy Kumar

Marthala Guru Maheswara Reddy  LinkedIn

Noor Mohammad Gagguturi  LinkedIn

Vinit Lakra  LinkedIn

Umang Bawaria  LinkedIn

Sankalpa Baral  Facebook

Sagar Ramesh Jondhale  LinkedIn

Boya Vamshi Krishna  LinkedIn

Mitchell Robson  Website

Aashay Kadam  LinkedIn

Ayush Jhanwar  LinkedIn

Brijesh Prajapati  Twitter

Deepak Kumar

Nitesh Singh  

Falko L  

Michael Klimenko  

Vijay Sutar (Sierra circuit)  

Ori Levi  

A. Damodaran Facebook

Pranay Bantawa Facebook

Tahmid Niloy   Facebook

AOXSIN  Twitter

Deepak Kumar ( CipherEra ) 

Ravindra Dagale  LinkedIn

D. Nussko  Website

Edge Nask

Ramansh Sharma  LinkedIn

Amen Al Aloush  Linkedin  

Ahmad Alassaf   

Meet Narkhede  Linkedin

Krishna Agarwal  Linkedin    

Mr!dul Vohra  LinkedIn 

Rohit Sharma  LinkedIn

Felipe Gabriel Renzi  LinkedIn

Nikhil Rane  LinkedIn

Damanpreet Singh  Twitter

Venkatesh L Sharma  Twitter

Farhan Islam Shafin  Twitter

Harsh Bhanushali  LinkedIn

love yadav  LinkedIn

S. Kushwaha   GitHub

Muhammad Hasyim Asyari  Website

Dinesh Kumar  LinkedIn

Harinder Singh(S1N6H) 

Girish B O 

Kokalagi Rushikesh LinkedIn

Soham Lad  LinkedIn

Kunal Karnik

Felipe Gabriel Renzi

Ramesh Kumar Sekar LinkedIn

hoggervr (South Africa) LinkedIn

Aman Kumar LinkedIn

Ravi Kishor @DrAppSec

Kushagra Sarathe

Muhammad Julfikar Hyder @thejulfikar

Kiran Battaluri

Guillermo Gregorio LinkedIn

Mik

Sagar Yadav @sagaryadav8742

Alan Abhilash @alan_abhilash

Mohit Khemchandani

snak3 @_snak3

Aswin Krishna @733n_wolf

Gaurav Popalghat @N008x

Pranshu Tiwari 

Ravi Teja

Soma Harish Reddy Mannem 

Abdelrahman Khaled 

Ansan Binoy

Prathamesh Surekha Prakash Pawar

Vijay Farswan @Veloc

Vikas Yadav 

Jan Hoersch (Secure Systems Engineering)

Shaun Budding @pudsec

Carsten Sandker (Secure Systems Engineering)

Abhinav Sharma @Dtattoedhackers

Nasur Ullah 

Yehonatan Shachor

Rahul Varale LinkedIn

Ashutosh Raval  

Bharat (mrnoob)

Paul Dannewitz  

Ananthu J

Navneet Anand LinkedIn

Simranjit Singh 

Florian Kunushevci

Shail Shah

Kamran Saifullah

Avishek Nayal

Gopi Akkalaneni

Mehedi Hasan Remon

Roy Mustang

Gul Hameed

Ahmed Hegazy

Marc Seguin

Aditya Thebe

Naveen Kumawat

Fawaz Masood Qureshi LinkedIn

Raveen. G @kill__3r

Elwin Shaji @elwin_shaji

Ai Ho @j3ssiejjj

Foysal Ahmed Fahim @foysal1197

Kasper Karlsson

Sanem Sudheendra LinkedIn

Ritik Chaddha @RitikChaddha

Patrick Lang LinkedIn

Indira Sabeesh

SecuNinja secu.ninja

Vedant Shinde

Yunus Aydin @aydinnyunuss

Mohd Waseyuddin @waseyuddin

Pardon Mukoy LinkedIn

Husain Murabbi LinkedIn

Mansoor Rangwala LinkedIn

Abdullah Khawaja @hax_3xploit

Gal Nagli

Abhijeet Sarkar
Agung Saputra
Agung Saputra Ch Lages
Deep Yadav
G Sri Tharun Reddy
Khizar Ul Haq
Hamza Shahid
lalka1337
Lalka

Mohammad Berro
Mustafa Diaa 
Ratnadip Gajbhiye 
Rituraj Vishwakarma
Sachin Sharma 
Shivam Pandey
Sumit Grover @sumgr0
Ubaid Ahmed 
Utkarsh Agrawal

Vishnu
Vismit Rakhecha

Abhishek Misal

Adity Jadhav

Aditya Jadhav

Akash Labade

Akash Mondal

Amal Mohandas

Ankit Singh

Ashish Kunwar

Danish Tariq

Florian Zyprian

Jayesh Patel

Jose Carlos Exposito Bueno

Juba Baghdad

Mahesh Raykar

Mehul Patil

Mitesh Patil

Muhammad Qasim Munir

Murtada Kamil

Pratik Raut

Saynam Chawla

Shivam Kamboj

Shubham Maheshwari

Sourav Newatia

Vineet Kumar

Yeasir Arafat

Djaber Djoukhrab

Please note: In sharing information with us, you agree that the information will be considered as non-proprietary and non-confidential and that we are allowed to use the information in any manner, in whole or in part, without any restriction. Sharing information with us does not constitute any rights for you or any obligation for us.

Please do not share any personal information with us. Any personal information shared with us will be processed and used in accordance with the applicable data protection regulation; however, BASF will not store any personal information about you unless you provide them to us. By requesting to be added to our “Heroes of BASF” list, you explicitly consent in the publication, use and processing of your name.