Responsible Disclosure Statement
BASF investigates all reports of security vulnerabilities affecting BASF web presence. If you are a security researcher and believe you have found a security vulnerability, please send an e-mail to us at BASF Responsible Disclosure.
Our guidelines
- Give us enough details to reproduce the vulnerability
- Allow us a reasonable amount of time to fix the vulnerability before making any information public
- Avoid data deletion, unauthorized data access, and service disruption while testing the vulnerability you found
- Do not ask for compensation for your report
Our commitment
- We will let you know when we received your report
- We will give you an estimate of how long the fix will take
- We will tell you when we have fixed the vulnerability
Our thanks
If your vulnerability report is valid and you would like to be recognized for your contribution, we will gladly add you to our “Heroes of BASF” list, by name or anonymously. We will only add you to our “Heroes of BASF” list, if this is explicitly requested by you.
Heroes of BASF
The following researchers have helped us identify and fix vulnerabilities. Thanks to all!
2023
2022
Harsh Bhanushali LinkedIn
love yadav LinkedIn
S. Kushwaha https://github.com/anabelle666
Muhammad Hasyim Asyari read.cv/pondev
Dinesh Kumar LinkedIn
Harinder Singh(S1N6H) LinkedIn
Girish B O LinkedIn
Kokalagi Rushikesh LinkedIn - 3RaasRK
Soham Lad LinkedIn
Kunal Karnik
Felipe Gabriel Renzi
Ramesh Kumar Sekar LinkedIn
hoggervr (South Africa) LinkedIn
Aman Kumar LinkedIn
Ravi Kishor @DrAppSec
Kushagra Sarathe
Muhammad Julfikar Hyder @thejulfikar
Kiran Battaluri
Guillermo Gregorio LinkedIn
Mik
Sagar Yadav @sagaryadav8742
Alan Abhilash @alan_abhilash
Mohit Khemchandani
snak3 @_snak3
Aswin Krishna @733n_wolf
Gaurav Popalghat @N008x
Pranshu Tiwari LinkedIn
Soma Harish Reddy Mannem
Abdelrahman Khaled @AbdoKha34396133
Ansan Binoy
Prathamesh Surekha Prakash Pawar
Vijay Farswan @Veloc
Vikas Yadav @mrrobot1o1
Jan Hoersch (Secure Systems Engineering)
Shaun Budding @pudsec
Carsten Sandker (Secure Systems Engineering)
Abhinav Sharma @Dtattoedhackers
Nasur Ullah @Spy0x01
Yehonatan Shachor
Rahul Varale LinkedIn
Ashutosh Raval LinkedIn
Bharat (mrnoob)
Paul Dannewitz https:/dannewitz.ninja
Ananthu J
Navneet Anand LinkedIn
Simranjit Singh LinkedIn
Florian Kunushevci
Shail Shah
Kamran Saifullah
Avishek Nayal
Gopi Akkalaneni
Mehedi Hasan Remon
Roy Mustang
Gul Hameed
Ahmed Hegazy
Marc Seguin
Aditya Thebe
Naveen Kumawat
Fawaz Masood Qureshi LinkedIn
Raveen. G @kill__3r
Elwin Shaji @elwin_shaji
Ai Ho @j3ssiejjj
Foysal Ahmed Fahim @foysal1197
Kasper Karlsson
Sanem Sudheendra LinkedIn
Ritik Chaddha @RitikChaddha
Patrick Lang LinkedIn
Indira Sabeesh
SecuNinja secu.ninja
Vedant Shinde
Yunus Aydin @aydinnyunuss
Mohd Waseyuddin @waseyuddin
Pardon Mukoy LinkedIn
Husain Murabbi LinkedIn
Mansoor Rangwala LinkedIn
Abdullah Khawaja @hax_3xploit
Gal Nagli
Abhijeet Sarkar
Agung Saputra
Agung Saputra Ch Lages
Deep Yadav
G Sri Tharun Reddy
Khizar Ul Haq
Hamza Shahid
lalka1337
Lalka
Mohammad Berro
Mustafa Diaa
Ratnadip Gajbhiye
Rituraj Vishwakarma
Sachin Sharma
Shivam Pandey
Sumit Grover @sumgr0
Ubaid Ahmed
Utkarsh Agrawal
Vishnu
Vismit Rakhecha
Please note: In sharing information with us, you agree that the information will be considered as non-proprietary and non-confidential and that we are allowed to use the information in any manner, in whole or in part, without any restriction. Sharing information with us does not constitute any rights for you or any obligation for us.
Please do not share any personal information with us. Any personal information shared with us will be processed and used in accordance with the applicable data protection regulation; however, BASF will not store any personal information about you unless you provide them to us. By requesting to be added to our “Heroes of BASF” list, you explicitly consent in the publication, use and processing of your name.