Security Hall of Fame

ISO Mate is grateful to the security researchers who take the time to responsibly report vulnerabilities to us. Their work helps us keep our platform and our customers safe. This page recognizes the people who have made a valued contribution to the security of ISO Mate.

A Note on Compensation

ISO Mate does not currently operate a paid bug bounty program. We are an early-stage company, and at this time we are not in a financial position to offer monetary rewards for vulnerability reports.

We want to be completely transparent about this. Rather than let your contribution go unrecognized, every researcher who responsibly discloses a valid vulnerability is added to a list for future compensation. When the company reaches a financial position that allows it, we intend to recognize these contributions retrospectively. Being listed here is our commitment to that promise.

Responsible Disclosure

We ask that researchers give us a reasonable opportunity to investigate and remediate a reported issue before disclosing it publicly. To protect our customers, we only add a researcher and the details of their finding to this page after the vulnerability has been fully remediated. Entries are published with the researcher’s permission, and we are happy to credit you by name, handle, or anonymously, whichever you prefer.

Recognized Researchers

The researchers below have responsibly disclosed vulnerabilities that we have since remediated. We add new entries here as reports are validated and fixed, with each researcher’s permission.

ResearcherVulnerability reportedDate recognized
AnonymousMissing HTTP Strict Transport Security (HSTS) enforcement on the API, which could allow an HTTPS downgrade attack on a hostile network. Now remediated.June 2026

How to Report a Vulnerability

If you believe you have found a security vulnerability in ISO Mate, please email us at security@isomate.io with enough detail for us to reproduce and validate the issue. We will acknowledge your report, keep you informed as we investigate, and let you know once the issue is resolved. For more information about how we protect your data, see our Security Practices page.

Contact

For anything related to security or responsible disclosure, please contact us at security@isomate.io.