Acknowledgments

OneBookPlus is built and operated by a single person. The security of customer data is a shared responsibility — and the security researchers who responsibly disclose vulnerabilities to us are part of how we keep our customers safe.

This page lists those researchers. If you'd like your name (or handle) added after a valid report and a deployed fix, let us know — see our vulnerability disclosure policy for the process.

2026#

No public acknowledgements yet for 2026. If you're the first, you'll be listed here.

How to be listed here#

If you've reported a valid vulnerability under our disclosure policy and you'd like public credit:

1. Tell us in your report (or in any follow-up email) what name or handle you'd like used, and an optional one-line note about the finding.
2. After we deploy the fix, we'll list you here within 14 days — see the response-time table on the disclosure policy page.
3. If you change your mind later (e.g. you want your entry removed, your handle updated, or your link changed), email [email protected] — we'll honour the request.

We don't list anyone without their express consent. We don't list invalid reports, duplicate reports, or reports that are out-of-scope per the disclosure policy.

What about CVEs?#

If a finding warrants a CVE, we'll request one through MITRE during the resolution process. Where a CVE is assigned, we'll list it next to the entry above.

Bounty?#

We don't currently run a paid bug-bounty programme. Acknowledgement here is the public form of thanks. If we add a paid programme in the future, we'll announce it on the disclosure policy page.