Advisories, Bulletins & Notices
Security Advisory
BlackBerry may issue a security advisory to inform customers about the resolution of a confirmed vulnerability in a supported BlackBerry product to address a confirmed vulnerability. Unlike a security notice (described below), which aims to inform customers of a vulnerability, a security advisory includes information on the security issue as well as the software update that addresses the vulnerability.
Customers can expect the advisory to include technical details regarding the vulnerability, mitigations, workarounds and authoritative guidance to reduce their risk. BBPSIRT releases security advisories on the second Tuesday of the month, in alignment with current industry practice. However, if there is imminent risk to customers, we will release a security advisory sooner to help ensure customers are protected.
Security Notice
BlackBerry issues security notices when appropriate to inform customers about high-visibility software vulnerabilities that BlackBerry is investigating and has determined to impact supported BlackBerry products, and is working to address for supported BlackBerry products.
Customers can expect security notices to provide mitigations, workarounds, and authoritative guidance to reduce any potential risk. We do not follow a set schedule for issuing security notices, but rather release these notifications as needed to provide customers with information on how best to secure their products.
Security Bulletin
BlackBerry issues security bulletins to notify users of its BlackBerry powered by Android smartphones about available security fixes in its monthly Security Maintenance Release update. The bulletin is in response to the monthly Android Security Bulletin and addresses issues in that bulletin that affect BlackBerry powered by Android smartphones.
Customers can expect security bulletins to provide a complete list of security vulnerabilities fixed in the monthly Security Maintenance Release. BBPSIRT regularly releases security bulletins on the first Monday of the month.
Privacy Notice
BlackBerry issues privacy notices to inform customers about third-party applications that do not clearly or adequately inform customers of how the app is accessing and possibly using their data. While such apps do not typically appear to have to have malicious objectives or aim to mislead customers, we want to provide customers with information regarding an app’s behavior in order for them to make an informed decision about whether to continue using the app.
Customers can expect privacy notices to include information about the application’s behavior, and how to remove it, if the customer determines that is the best course of action. We release privacy notices as needed on the third Tuesday of the month in order to provide customers with a predictable schedule for receiving information.
Malware Notice
BlackBerry issues malware notices to inform customers about third-party applications that contain code developed with malicious intent.
Customers can expect malware notices to provide them with details about the malware’s behavior, potential mitigations and guidance on how to remove it from their device. Similar to security notices, malware notices are released as needed to inform and protect customers, and there is no set schedule.
BlackBerry remains committed to providing customers a unique level of protection, especially as mobile devices are playing a greater role in their busy lives. By publicly releasing notices and security updates, we are providing customers with the tools and information that they need to help safeguard their BlackBerry products. Additionally, through this type of public disclosure, we are continuing to foster industry collaboration as we work to improve security for the mobile landscape overall.
2024 Security Advisories, Bulletins & Notices
- BSRT-2024-002 - Vulnerabilities in SecuSUITE Server Components Impact SecuSUITE (November 12, 2024)
- QNX-2024-002 - Vulnerability in QNX Networking Stack Impacts BlackBerry QNX Software Development Platform (SDP) (October 8, 2024)
- BSRT-2024-001 - Vulnerability in CylanceOPTICS Windows Installer Package Impacts CylanceOPTICS for Windows (August 20, 2024)
- QNX-2024-001 - Vulnerability in SGI Image Codec Impacts BlackBerry QNX Software Development Platform (SDP) (June 11, 2024)
2023 Security Advisories, Bulletins & Notices
- QNX-2023-001 - Vulnerability in Networking Stack Impacts QNX Software Development Platform (SDP) (November 14, 2023)
- BSRT-2023-001 - Vulnerabilities in Management Console and Self-Service Impact AtHoc Server (September 12, 2023)
2022 Security Advisories, Bulletins & Notices
- QNX-2022-001 Vulnerability in QNX Neutrino Kernel Impacts QNX Software Development Platform (SDP), QNX OS for Medical, and QNX OS for Safety (January 11, 2022)
2021 Security Advisories, Bulletins & Notices
- QNX-2021-002 Vulnerability in BMP Image Codec Impacts BlackBerry QNX Software Development Platform (SDP) (November 18, 2021)
- BSRT-2021-003 Vulnerabilities Impact BlackBerry Protect for Windows (November 9, 2021)
- QNX-2021-001 Vulnerability in the C Runtime Library Impacts BlackBerry QNX Software Development Platform (SDP), QNX OS for Medical, and QNX OS for Safety (August 17, 2021)
- BSRT-2021-002 Vulnerabilities in Management Console Impact BlackBerry UEM (May 11, 2021)
- BSRT-2021-001 Vulnerability in SAML Authentication Impacts BlackBerry Workspaces Server (deployed with Appliance-X) (May 11, 2021)
- BlackBerry Powered by Android Security Bulletin - February 2021 (February 8, 2021)
- BlackBerry Powered by Android Security Bulletin - January 2021 (January 22, 2021)
2020 Security Advisories, Bulletins & Notices
- BlackBerry Powered by Android Security Bulletin - December 2020 (December 22, 2020)
- BlackBerry Powered by Android Security Bulletin - November 2020 (November 25, 2020)
- BlackBerry Powered by Android Security Bulletin - September 2020 (October 16, 2020)
- BSRT-2020-003 Vulnerability in UEM Core Impacts BlackBerry UEM (October 13, 2020)
- QNX-2020-001 Vulnerability in slinger web server Impacts BlackBerry QNX Software Development Platform (August 11, 2020)
- BlackBerry Powered by Android Security Bulletin - July 2020 (August 4, 2020)
- BlackBerry Powered by Android Security Bulletin - May 2020 (June 19, 2020)
- BSRT-2020-002 Input Validation Vulnerability in Server Configuration Management Impacts BlackBerry Workspaces Server (deployed with Appliance-X) (June 9, 2020)
- BSRT-2020-001 Local File Inclusion Vulnerability in Apache Tomcat Impacts BlackBerry Workspaces Server and BlackBerry Good Control (April 14, 2020)
- BlackBerry Powered by Android Security Bulletin - March 2020 (March 25, 2020)
2019 Security Advisories, Bulletins & Notices
- BlackBerry Powered by Android Security Bulletin - December 2019 (January 6, 2020)
- BlackBerry Powered by Android Security Bulletin - November 2019 (November 27, 2019)
- BlackBerry Powered by Android Security Bulletin - October 2019 (October 28, 2019)
- BlackBerry Powered by Android Security Bulletin - September 2019 (September 25, 2019)
- BlackBerry Powered by Android Security Bulletin - August 2019 (August 8, 2019)
- BlackBerry Powered by Android Security Bulletin - July 2019 (July 29, 2019)
- QNX-2019-001 Vulnerability in procfs service Impacts BlackBerry QNX Software Development Platform (July 11, 2019)
- BlackBerry Powered by Android Security Bulletin - June 2019 (June 10, 2019)
- BlackBerry Powered by Android Security Bulletin - May 2019 (May 24, 2019)
- BSRT-2019-002 Vulnerability in UEM Core Impacts BlackBerry UEM (April 17, 2019)
- BSRT-2019-001 Vulnerability in Management System Impacts BlackBerry AtHoc (March 12, 2019)
- BlackBerry powered by Android Security Bulletin - March 2019 (March 13, 2019)
- BlackBerry powered by Android Security Bulletin - February 2019 (February 5, 2019)
- BlackBerry powered by Android Security Bulletin - January 2019 (January 29, 2019)
2018 Security Advisories, Bulletins & Notices
- BSRT-2018-005 Vulnerabilities in Management Console Affect Impacted Versions of BlackBerry UEM (December 18, 2018)
- BlackBerry powered by Android Security Bulletin - December 2018 (December 14, 2018)
- BlackBerry powered by Android Security Bulletin - November 2018 (November 5, 2018)
- BlackBerry powered by Android Security Bulletin - October 2018 (October 18, 2018)
- BSRT-2018-004 Information Disclosure Vulnerability in Management Console impacts UEM (October 9, 2018)
- BSRT-2018-003 Directory Traversal Vulnerability Affects the Connect Service of the BlackBerry Enterprise Mobility Server(September 18, 2018)
- BlackBerry powered by Android Security Bulletin - September 2018 (September 17, 2018)
- BlackBerry powered by Android Security Bulletin - August 2018 (August 30, 2018)
- BlackBerry powered by Android Security Bulletin - July 2018 (August 30, 2018)
- BlackBerry powered by Android Security Bulletin - June 2018 (June 18, 2018)
- BlackBerry powered by Android Security Bulletin - May 2018 (May 14, 2018)
- BlackBerry powered by Android Security Bulletin - April 2018 (May 14, 2018)
- BlackBerry powered by Android Security Bulletin - March 2018 (March 14, 2018)
- BSRT-2018-001 Vulnerability in UEM Management Console impacts UEM (March 13, 2018)
- BlackBerry powered by Android Security Bulletin - February 2018 (February 12, 2018)
- BlackBerry powered by Android Security Bulletin - January 2018 (January 15, 2018)
2017 Security Advisories, Bulletins & Notices
- BlackBerry powered by Android Security Bulletin - December 2017 (December 15, 2017)
- QNX-2017-001 Multiple vulnerabilities impact BlackBerry QNX Software Development Platform (November 14, 2017)
- BlackBerry powered by Android Security Bulletin - November 2017 (November 8, 2017)
- BlackBerry response to the impact of the vulnerabilities known as KRACK on BlackBerry products (October 27, 2017) Updated
- BlackBerry powered by Android Security Bulletin - October 2017 (October 27, 2017)
- BSRT-2017-006 Vulnerabilities in Workspaces Server components impact BlackBerry Workspaces (October 16, 2017)
- BlackBerry response to impact of the vulnerabilities known as BlueBorne on BlackBerry products (September 15, 2017)
- BlackBerry powered by Android Security Bulletin - September 2017 (September 6, 2017) Updated
- BlackBerry powered by Android Security Bulletin - August 2017 (August 14, 2017)
- BSRT-2017-005 Vulnerability in Workspaces Server components impacts BlackBerry Workspaces SAML-IDP bridge (August 9, 2017)
- BlackBerry powered by Android Security Bulletin - July 2017 (July 5, 2017)
- BlackBerry powered by Android Security Bulletin - June 2017 (June 5, 2017)
- BSRT-2017-004 Vulnerability in UEM Management Console impacts UEM (May 9, 2017)
- BlackBerry powered by Android Security Bulletin - May 2017 (May 5, 2017)
- BlackBerry powered by Android Security Bulletin - April 2017 (April 6, 2017)
- BlackBerry powered by Android Security Bulletin - March 2017 (March 7, 2017)
- BlackBerry powered by Android Security Bulletin - February 2017 (February 6, 2017)
- BSRT-2017-003 Vulnerability in WatchDox Server components impacts WatchDox by BlackBerry (January 10, 2017)
- BSRT-2017-002 Information disclosure vulnerability affects BES12 (January 10, 2017)
- BSRT-2017-001 Vulnerability in BES Core impacts BES12 (January 10, 2017)
- BlackBerry powered by Android Security Bulletin - January 2017 (January 3, 2017)
2016 Security Advisories, Bulletins & Notices
- BSRT-2016-008 Remote shell execution vulnerability affects Good Enterprise Management Server (December 14, 2016)
- BlackBerry powered by Android Security Bulletin - December 2016 (December 5, 2016)
- BlackBerry powered by Android Security Bulletin - November 2016 (November 7, 2016)
- BlackBerry powered by Android Security Bulletin - October 2016 (October 3, 2016)
- BlackBerry powered by Android Security Bulletin – September 2016 (September 6, 2016)
- BSRT-2016-007 Vulnerability in Qualcomm kernel driver impacts BlackBerry powered by Android smartphones - August 15, 2016
- BlackBerry powered by Android Security Bulletin – August 2016 - August 1, 2016
- BSRT-2016-006 Information disclosure vulnerability affects Good Control Server - July 12, 2016
- BlackBerry powered by Android Security Bulletin – July 2016 - July 6, 2016
- BlackBerry powered by Android Security Bulletin – June 2016 - June 6, 2016
- BlackBerry powered by Android Security Bulletin – May 2016 - May 2, 2016
- Privacy Notice – Card Games for US apps - April 19, 2016
- BSRT-2016-005 Vulnerability in BES12 Management Console impacts BES12 - April 12, 2016
- BSRT-2016-004 Vulnerabilities in BES12 Management Console impact BES12 - April 12, 2016
- BSRT-2016-003 Vulnerability in BES12 Management Console impacts BES12 - April 12, 2016
- BlackBerry powered by Android Security Bulletin – April 2016 - April 4, 2016
- BSRT-2016-002 Vulnerability in Android/Linux kernel impacts BlackBerry PRIV smartphones - March 23, 2016
- Privacy Notice – 1RoughEdge apps - March 15, 2016
- BlackBerry powered by Android Security Bulletin – March 2016 - March 7, 2016
- BSRT-2016-001 Vulnerabilities in BES12 Management Console impact BES12 - February 17, 2016
- BlackBerry powered by Android Security Bulletin – February 2016 - February 1, 2016
- BlackBerry powered by Android Security Bulletin – January 2016 - January 4, 2016
2015 Security Advisories, Bulletins & Notices
- BlackBerry powered by Android Security Bulletin - December 2015 - December 7, 2015
- BSRT-2015-002 Vulnerability in BES12 Management Console impacts BES12 - November 10, 2015
- BSRT-2015-001 Vulnerability in Codec Demux shipped with BlackBerry Link - July 14, 2015
- Privacy Notice - Digital Publishing Asia apps - June 16, 2015
- BlackBerry response to OpenSSL "FREAK" vulnerability - March 12, 2015 Updated
- Malware Notice - Hill Racer - March 11, 2015
2014 Security Advisories, Bulletins & Notices
- BlackBerry response to reports of tethered jailbreak vulnerabilities - Dec. 26, 2014
- BlackBerry response to SSLv3 "POODLE" vulnerability - Oct. 20, 2014 Updated
- BSRT-2014-008 Vulnerability in BlackBerry World service affects BlackBerry 10 smartphones - Oct. 14, 2014
- BSRT-2014-007 Information disclosure vulnerability affects BlackBerry Enterprise Service 10 and BlackBerry Enterprise Server 5.0.4 - Aug. 12, 2014
- BSRT-2014-006 Vulnerability in file sharing service affects BlackBerry Z10, BlackBerry Z30, BlackBerry Q10, and BlackBerry Q5 smartphones - Aug. 12, 2014
- BlackBerry response to OpenSSL vulnerabilities - June 24, 2014 Updated
- BSRT-2014-005 Information disclosure vulnerability in OpenSSL affects BlackBerry products - May 13, 2014
- BSRT-2014-004 Vulnerabilities in Adobe Flash impact BlackBerry Z10, BlackBerry Q10, and BlackBerry Q5 smartphone software - May 13, 2014
- BlackBerry response to OpenSSL "Heartbleed" vulnerability - April 10, 2014 Updated
- BSRT-2014-003 BSRT-2014-003 Vulnerability in qconnDoor service affects BlackBerry 10 smartphones - April 8, 2014
- Privacy Notice - PT. Linktone Indonesia Apps - Feb. 18, 2014 Updated
- BSRT-2014-002 Information disclosure vulnerability affects BlackBerry Enterprise Service 10, Universal Device Service 6 and BlackBerry Enterprise Server 5.0.4 - Feb. 11, 2014 Updated
- BSRT-2014-001 Vulnerabilities in Adobe Flash impact BlackBerry Z10 and BlackBerry Q10 smartphone and BlackBerry PlayBook tablet software - Jan. 14, 2014
2013 Security Advisories, Bulletins & Notices
- Privacy Notice - mxData Ltd Apps - Nov. 19, 2013 Updated
- BSRT-2013-012 Vulnerability in remote file access feature impacts BlackBerry Link - Nov. 12, 2013
- BSRT-2013-011 Vulnerability in BlackBerry Universal Device Service wrapper impacts BlackBerry Enterprise Service 10 - Oct. 8, 2013 Updated
- Privacy Notice - Enthuon, FunDo, KuchhBhi4U Apps - Sept. 17, 2013
- BSRT-2013-010 Vulnerability in Webkit browser engine impacts BlackBerry Z10 smartphone software - Sept. 10, 2013
- BSRT-2013-009 Vulnerabilities in libexif impact BlackBerry PlayBook tablet software - Sept. 10, 2013
- BSRT-2013-008 Vulnerability in Webkit browser engine impacts BlackBerry Z10 smartphone and BlackBerry PlayBook tablet software - Sept. 10, 2013
- BSRT-2013-007 Vulnerabilities in Adobe Flash Player version included with the BlackBerry Z10 and BlackBerry Q10 and BlackBerry PlayBook tablet software - Sept. 10, 2013
- BSRT-2013-006 Vulnerability in BlackBerry Protect impacts BlackBerry Z10 smartphone software - June 11, 2013 Updated
- BSRT-2013-005 Vulnerability in Adobe Flash Player version included with the BlackBerry Z10 smartphone and the BlackBerry PlayBook tablet software - June 11, 2013
- BSRT-2013-004 Vulnerabilities in Adobe Flash Player version included with the BlackBerry PlayBook tablet software - May 14, 2013
- Privacy Notice - InMobiles Apps - March 7, 2013 Updated
- BSRT-2013-003 Vulnerabilities in BlackBerry Enterprise Server components that process images could allow remote code execution - Feb. 12, 2013 Updated
- Privacy Notice - NumberBook - Feb. 1, 2013
- BSRT-2013-002 Vulnerability in Samba service impacts BlackBerry PlayBook tablet file sharing - Jan. 8, 2013
- BSRT-2013-001 Vulnerabilities in Adobe Flash Player version included with the BlackBerry PlayBook tablet software - Jan. 8, 2013
2012 Security Advisories, Bulletins & Notices
2011 Security Advisories, Bulletins & Notices
- Elevation of privilege vulnerability in file sharing capability impacts the BlackBerry PlayBook tablet software - December 06, 2011
- Vulnerability in a component of the BlackBerry Enterprise Server could allow one enterprise instant messaging user to impersonate another - October 11, 2011
- Vulnerabilities in Adobe Flash Player version included with the BlackBerry PlayBook tablet - October 6, 2011
- Vulnerabilities in BlackBerry Enterprise Server components that process images could allow remote code execution - August 9, 2011
- Vulnerability in a BlackBerry Enterprise Server component could allow information disclosure and partial Denial of Service - July 12, 2011
- Vulnerabilities in Adobe Flash Player included with the BlackBerry PlayBook tablet software - June 20, 2011
- Cross-site scripting (XSS) vulnerability in the BlackBerry Web Desktop Manager component of the BlackBerry Enterprise Server - April 12, 2011
- Vulnerabilities in Apache Tomcat implementation impact BlackBerry Enterprise Server components - April 12, 2011
- Partial Denial of Service (DoS) in the BlackBerry browser application - January 11, 2011
- Vulnerability in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server - January 11, 2011
Previous Security Advisories
Security Updates
Helping to protect customers from security threats is the number one priority of the BlackBerry PSIRT. This team provides security updates for publicly released, non-Beta BlackBerry products. The team also scores security issues using the Common Vulnerability Scoring System (CVSS), and those identified as severe are given the highest level of priority.
Before the release of a security update, BlackBerry build and test processes must first determine that the update is of the quality customers expect. The BlackBerry PSIRT publishes security advisories and notices to inform you that updates or guidance are available, and provides the details you need to complete a tailored risk assessment.
Collaborations
Acknowledgements
Acknowledgements By Year
Acknowledgements 2024
- Hitarth Shah - https://www.linkedin.com/in/hitarthshah108/
- Haris Ahmed - https://www.linkedin.com/in/haris-ahmed-ethical-hacker/
- Everton Silva (Hydd3n) - https://www.linkedin.com/in/everton-hydd3n
- Muhammad Humza Zaheer* - https://www.linkedin.com/in/hamza-zaheer-59b677183/
- K.Buvaneshvaran - https://www.linkedin.com/in/buvaneshvaran
- Raajesh - Infoziant Security - https://www.linkedin.com/company/infoziant
- Ishu Jangra - https://linkedin.com/in/ishuhacker
- Aviv Keller - https://www.linkedin.com/in/redyetidev
- Brian Gustafson - https://www.linkedin.com/in/brian-gustafson-25688041
Acknowledgements 2023
- Devansh Chauhan - https://www.linkedin.com/in/devansh-chauhan-b36b6a1b1?utm_source=share&utm_campaign=share_via&utm_content=profile&utm_medium=ios_app
- Yash Kulkarni - https://in.linkedin.com/in/yash-kulkarni-065298265
- ROCK PRATAP SINGH - https://www.linkedin.com/in/rock-pratap-singh-92a28928b
- Tabassum - https://www.linkedin.com/in/tabassum-084a69115
- Infoziant Security - https://infoziantsecurity.com/
- Ishwar Kumar - www.linkedin.com/in/ishwar-kumar-214341284
- Durvesh Kolhe - https://www.linkedin.com/in/durvesh-kolhe-012b54211
- Fat Selimi - https://www.linkedin.com/in/fatselimi
- Ori Levi - https://www.linkedin.com/in/orilevicyber/
- Aditya Singh - https://www.linkedin.com/in/aditya-singh4180
Acknowledgements 2022
- Harsh Verma (synacktra) - https://www.linkedin.com/in/harsh-verma-2401a0224/
- Pauras Patil - https://www.linkedin.com/in/pauras-patil-7469b4190/
- Milan Jain (Scriptkiddie) - https://linkedin.com/in/milan-jain-scriptkiddie-50a738213
- Faizan Ahmed - http://linkedin.com/in/faizan-ahmed-830444236
- Prakash Chand Thakuri - https://www.linkedin.com/in/prakashchand72/
- Vinit Lakra - https://www.linkedin.com/in/vinithacker/
- Hemant Kashyap - https://twitter.com/Herry51130182
- Rohan Prasad Gupta - https://www.linkedin.com/in/rohan-gupta-2209a9190
- Madhurendra Kumar - https://www.linkedin.com/in/m14r41/
- Eusebiu Daniel Blindu - https://twitter.com/simtobos
- NITIN YADAV - https://www.linkedin.com/in/nitin-yadav-11b523223
- Satyam Singh - https://www.linkedin.com/in/satyam-singh-893306221/
- Love Yadav - https://www.linkedin.com/in/love-yadav-5159611a3/
- Hemant Relhan - https://www.linkedin.com/in/hemant-relhan-13503513b
- Sugumaran J - https://www.linkedin.com/in/sugumaranj
- SALAH EDDINE LOUFFIDI - https://www.linkedin.com/in/salah-eddine-louffidi/
- Vinayak Sakhare - https://www.linkedin.com/in/vinayak-sakhare-63b343119/
- Milan jain(scriptkiddie) - https://www.linkedin.com/in/milan-jain-scriptkiddie-50a738213?lipi=urn%3Ali%3Apage%3Ad_flagship3_profile_view_base_contact_details%3BIK4eI%2FPYRtugVVpqq6vzsQ%3D%3D
- NILESH AGRAWAL KOYO - https://twitter.com/koyohere
- Fredric Carl - https://www.linkedin.com/in/fdcarl
- Ereshwari Valmik - https://www.linkedin.com/in/ereshwari-valmik/
- Yash kushwah (@cyberyash951) - https://www.linkedin.com/mwlite/in/yash-kushwah-a80449229
- Harsh Bhanushali - http://linkedin.com/in/harshbhanushali
- Khadir Osama Khadir - https://twitter.com/_naplon
- LawSoul from SentinelX - CMC CyberSecurity RedTeam at https://cmccybersecurity.com/
- Ritik Jangra - https://www.linkedin.com/in/ritik-jangra-03b80a21b
- Krishna Agarwal (@Kr1shna4garwal) - https://www.linkedin.com/in/kr1shna4garwal
- Dzmitry Smaliak - https://twitter.com/haxxm0nkey
- Tolgahan Demirayak - https://www.linkedin.com/in/tolgahandemirayak/
- Ramansh Sharma - https://www.linkedin.com/in/ramansh-sharma/
- Jan Kopec - Lexfo Security - https://twitter.com/blogresponder https://twitter.com/LexfoSecurite
- Swapnil Patil - https://www.linkedin.com/in/swapnil-patil-68a639237
- Amit Kumar Biswas, Security Analyst of Avalance Global Solutions - https://twitter.com/Amitlt2
- Zhe Jing
- Biswajeet Ray - https://www.linkedin.com/in/biswajeet-ray-397742200
- Shirshak Roy - https://www.linkedin.com/in/shirshak-roy-644a971b8/
- RAAJESH G - Infoziant Security - https://infoziantsecurity.com/
- Nikhil Rane - https://www.linkedin.com/in/nikhil-rane-31733a217
- Sick Codes* - https://twitter.com/sickcodes https://www.linkedin.com/in/sickcodes/
- Zythop - https://twitter.com/HaboubiAnis
- Cristi - https://twitter.com/CristiVlad25 https://leakix.net/u/cristi
- Kyaw Myo Han - https://twitter.com/ChrishSec https://github.com/ChrishSec
- Roni Baghdady - http://linkedin.com/in/roni-b-4996471b1
Acknowledgements 2021
- Kyaw Myo Han - https://twitter.com/ChrishSec https://github.com/ChrishSec
- Aniruddh Mistry - https://twitter.com/Aniruddh_Mistry https://linkedin.com/in/aniruddh-mistry-b8540069
- Ahmad Henry Mansour - https://twitter.com/Ahmad_Mansourr
- Abilash. V.L - https://abilashvl.info https://twitter.com/AbilashVL
- Ebrahim Mahrous Hassan Aref - https://www.linkedin.com/in/ebrahim-aref-8978261b6/
- Flaviu Popescu - https://flaviu.io
- Daniel Yagudayev - https://www.linkedin.com/in/daniel-yagudayev-cissp-b900b6ba/
- Mohammed Adam - https://www.linkedin.com/in/mohammedadam24
- Gaurang Maheta - https://www.linkedin.com/in/gaurang883
- Niko Nazila Daelami - https://mobile.twitter.com/Hz3666ghost
- Swapnil Kothawade - https://www.linkedin.com/in/swapnil-kothawade-813854a7/
- Aytac Kalinci* - https://www.linkedin.com/in/aytackalincii/
- Adarsh VS - https://www.linkedin.com/in/adarsh-vs/
- Pethuraj M - https://www.pethuraj.com
- RAAJESH.G* - https://www.linkedin.com/in/raajesh-258a93173/
- Jebarson Immanuel - https://www.linkedin.com/in/jebarson-immanuel/
- Hoang Quoc Thinh (@g4mm4) from RedTeam of VNG Corp - https://www.vng.com.vn
- Nitin Bhangare - https://www.linkedin.com/in/nitin-bhangare-3b248383/
- Vikas Yadav - Twitter: @Mrrobot1o1
- Ravindra Dagale - https://www.linkedin.com/in/ravindra-dagale-5b0913151/
- Daniel Blindu - https://twitter.com/eblindudaniel
- Nilesh Yadav - https://www.linkedin.com/in/nilesh-yadav-43b6b716b/
- Harinder Singh(S1N6H) - https://www.linkedin.com/in/lambardar
- Yingjie Cao* - Sky-Go Team, Qihoo 360 Group
- Gourab Sadhukhan - https://www.linkedin.com/in/gourab-sadhukhan-71158216a/
- Mohd.Danish Abid - https://www.linkedin.com/in/mohd-danish-abid-2083401b3
- Aswin Krishna - https://twitter.com/733n_wolf
- Hasibul Hasan Rifat - https://twitter.com/rifatsec
- Alan Abhilash - https://twitter.com/alan_abhilash
- Tony Marcel Nasr - https://www.linkedin.com/in/tony-nasr
- Divya Singh - @Dgirlwhohacks
- Hariprasaanth R* - www.linkedin.com/in/hariprasaanth
- Muhammad Asjad Sheikh - https://www.linkedin.com/in/asjadd/
Acknowledgements 2020
- Daniel Yagudayev - https://www.linkedin.com/in/daniel-yagudayev-cissp-b900b6ba/
- Harshal S. Sharma - https://www.linkedin.com/in/harshalss-war10ck/
- ahmad alassaf - https://www.linkedin.com/mwlite/in/ahmad-alassaf-63811218a
- Pritam Dash - https://linkedin.com/in/pritam-dash-116931171/
- Xie Ziming and Yan Minrui, 360 SkyGo Team
- Naveen Kumawat(nvk) - https://twitter.com/nvk0x
- Jeya Seelan S - https://www.linkedin.com/in/jeyaseelans
- Omar Khaled Amin ( powerjacobb1 )
- Nandigama Sai Shankar - https://www.linkedin.com/in/nandigama-sai-shankar-38b562147
- Kirtan Patel - https://www.linkedin.com/in/kirtan-patel-02a239166
- Talib Nadeem Usmani, Honeywell Cybersecurity CoE - HCE - https://www.linkedin.com/in/talib-usmani/
- Pankaj Upadhyay* - https://pankajupadhyay.in/
- Mohamed Saqib C - https://www.linkedin.com/in/mohamed-saqib
- Drew Green & Ken Smith, Bank of America
- Wai Yan Aung, @waiyanaun9
- Nikhil Sahoo - https://www.linkedin.com/in/nikhil-sahoo-87204b106/
- Janmejaya Swain - https://www.linkedin.com/in/janmejayaswainofficial
- Agrah Jain - https://www.linkedin.com/in/agrahjain
- Aswin S - https://www.linkedin.com/in/aswin-s-bb2371180
- Prakash Kumar Parthasarathy - https://www.linkedin.com/in/prakashofficial
- Team from Robert Bosch Engineering and Business Solutions
- Debojyoti Bhattacharya https://in.linkedin.com/in/debojyoti-bhattacharya-2777655
- Rajat Jaiswal https://www.linkedin.com/in/rajat-jaiswal-77033b156
- Basavaraj Kurugod https://www.linkedin.com/in/basavaraj-kurugod-642712163
- Sandeep Parvatikar https://www.linkedin.com/in/sandeep-parvatikar-28a32623
- Zin Min Phyo - https://www.facebook.com/zinminphy0
- Bala Elangovan - https://www.linkedin.com/in/bala-elangovan-145b50198/
- Neel Vishwakarma
- Arshad Kazmi - https://twitter.com/arshadkazmi42
- Harsh Rajesh Parekh - https://www.linkedin.com/in/harsh-parekh-8b31211a1
- Shivang Trivedi - https:/www.linkedin.com/in/shivang-triedi-a149b2190/
- Mehmet Can GÜNES - https://twitter.com/mehmetcangunes
- Pratik Dabhi - https://in.linkedin.com/in/pratikmdabhi
Acknowledgements 2019
- Abid Gul Shahid *
- An Phuoc Trinh, @_tint0
- Wai Yan Aung @waiyanaun9
- Kasper Karlsson https://omegapoint.se/
- B.Dhiyaneshwaran
- Michael Magdy @michael74301043
- Dr. Harsh Joshi - https://facebook.com/harshjoshi.85
- Ahmad Halabi - https://www.facebook.com/dragon.shaheen1
- Karann Salunke - @baabayaga07
- Hunter Abubakar - @hunterabubakar
- Pranshu Tiwari
- N. Karthik http://linkedin.com/in/karthik-kumar-reddy-3b10b4128
- S.P. Vasantha Kumar, Vishnu Raj - Infoziant
- Ketan Madhukar Mukane @eSecHax0r
- Octav Opaschi, Detack GmbH - detack.de
- Tinu Tomy @TinuRock007
- Sajjan Singh Nehal www.fastcreatorz.com
- Pan Chau, Anchor Capital Advisors, LLC
- Sameer Phad
- Mustafa Diaa - @c0braBaghdad1
- Angel Tsvetkov https://www.facebook.com/Angel.xkorem
- Tomer Bar - Bug Sec - https://www.linkedin.com/in/tomer-bar-9b15aa137/
- Vishal K Bharad - https://www.linkedin.com/vishal-bharad
- Tijo Davis - https://www.linkedin.com/in/tijo-davis-a906a7141
- YoKo Kho - @YoKoAcc - RnD at Mahapatih Sibernusa Teknologi, PT
- Lorenzo Pirondini, Netcentric, a Cognizant Digital Business - https://www.linkedin.com/in/lorenzo-pirondini
- Pankaj Kumar Thakur (Nepal) - https://linkedin.com/in/pankaj1261
- Lutfu Mert Ceylan - https://linkedin.com/in/lutfumerceylan
Acknowledgements 2018
- Samet Sahin @F4LCONE_
- SKP facebook.com/sumit.patel.0982
- Amine HM
- Ali Hassan Ghori | Danish Tariq DANALWEB
- Tayyab Qadir facebook.com/tqMr.EditOr
- Dhaval Ramani facebook.com/erdhaval.patel
- Karthikeyan Subramaniyan
- Emad Shanab @Alra3ees
- Sara Badran
- Wai Yan Aung @waiyanaun9
- An Phuoc Trinh, @_tint0
- Rafael Pedrero Rodriguez - Telefonica Spain
- Rupert Applin
Acknowledgements 2017
- Vineet Kumar @the_real_clown
- Suyog Palav
- Kenan Genç
- Sadik Shaikh https://www.extremehacking.org/
- Akbar kp www.facebook.com/aKx.nInja
- João Filho Matos Figueiredo github.com/joaomatosf
- Mahmoud Osama @Mahmoud0x00
- Sarankumar VB facebook.com/saranvbz
- Mohd Aqeel Ahmed (Ciph3r00t) facebook.com/ciph3r00t
- Suleman Malik @sulemanmalik_3
- Jon Bottarini @jon_bottarini
- Sadik Shaikh https://www.extremehacking.org/
Acknowledgements 2016
- Rahmat Nurfauzi
- Adam Aiken
- Mrityunjoy Emu
- Md Sameull Islam
- Joe Balhis
- Ali Salem Saeed ( Ali BawazeEer )
- Shivbihari Pandey
- Himanshu Mehta
- Daher Mohamed
- Ye Yint Min Thu Htut
- Jose Carlos Exposito Bueno
- Mohammed Abd Elmageed Eldeeb
- Latish Danawale, Pristine Infosolutions
- Jay K Patel
- Daniel Bakker
- Mohamed Abdelbasset Elnouby, Seekurity Inc.
- Yogendra Jaiswal(mogli)
- Chris Novakovic, Imperial College London
- Azam of Sandjaya @TheRealAzams
- Sajibe Kanti
- Sami Drif
- Kiran Karnad
- Saurabh Pundir of Torrid Networks Pvt Ltd
- Christoph Haas of Securai
- Nicodemo Gawronski of Sec-1 Ltd
- Maciej Grabiec of ING Services Polska
- Teemu Kääriäinen
- Harsh Jaiswa of Bugdisclose
- Armaan Pathan
- Alec Blance
- Ayoub Nait Lamine, Technawi
- Muhammad Osama
- Glenn Whatley, Protec UK
Acknowledgements 2015
- Shahmeer Amir @shahmeer_amir; Maad Security
- Ahmed Khouja
- Chandrakant Nial
- Manish Agrawal
- Mohd Arbaz Hussain
- Gritli Skander
- Geetanjali Das, TCS
- Gerardo Venegas
- OthmaneTamagart aka 0thm4n@WhiteHatSec
- Nikhil Mittal
- Ratna Sekhar
- Tilak Ranjan Sarangi
- Arun Kumar Agrawalla
- Pratik Satapathy
- Mohamed Chamli
- Karim Mohamed Ahmed
- Mennouchi Islam Azeddine
- ALI KASMOU
- Mohammad Abuhassan
- Yakov Shafranovich, Shaftek Enterprises LLC
- YoKo Kho @YoKoAcc
- Aaditya Purani, website
- Pratyush Anjan Sarangi
- Charlie Hothersall-Thomas, Netcraft
- Sergio Maffeis, Imperial College London
- Chris Novakovic, Imperial College London
- Adam Lange, @AdamLangePL
- Sachin Wagh
- DirtyThy, @DirtyThy
- Cyber Warrior Bug Researchers
- Michal Koczwara
- Muhammad Zeeshan
- Karim Rahal
- Nehal S.Ghoratkar
- Ahmed Adel Abdelfattah
- Murat YILMAZLAR
- Tayyab Qadir
- Danyal Zafar
- Rui Silva
- Ahmed Y. Elmogy
- Khair Alhamad @Khair_Alhamad
- Bayrem Ghanmi; Zenzemi Amine; Dorra Mimita Tunisian White hat Security; Ben khlifa fahmi Tunisian White hat & ArabOUG Security
- Nilesh Sapariya
- Russel Van Laurio
- Muhammed Gamal Fahmy
- Konduru Jashwanth ( ProEmTech Infosystems Private Limited)
- Sree Visakh Jain
- Mohamed Khaled Fathy
- Ahmet Can TUNÇKILIÇ
- C Vishnu Vardhan Reddy twitter
- Dinesh Vicky
- Jay Patel
- Muhammad Abdullah
- Pratap Chandra
- Ishwar Prasad Bhat (Vel Tech Multi Tech Dr.Rangarajan Dr.Sakunthala Engineering College, Avadi)
- U.kiran vas Reddy
- Douglas Berdeaux; WeakNet Laboratories
- Sane Sindhuja Reddy
- Gökay Gündogan
- HusseiN98D,@hussein98d, 1nsp3ctus
- Bharat Sewani (individual Bug Hunter)
- Adeleh Mansori, Ramin Farajpour Cami
- Joe Balhis
- Mohammad Naveed
- Jakub Pałaczyński of ING Services Polska
- Ala Arfaoui
- Sumit Sahoo
- Muhammad Talha Khan
- Ayoub Ait Elmokhtar
- Bharat Sewani
- Shawar Khan & D4rk f34r [Ethical Hacker]
- Hamit ABIS
- Kamran Saifullah
- Lawrence Amer
- Charfeddine Hamdi
- Tunisian whitehats
- Deepali Malekar
- Ajay Anand
- Karl Smith, NCC Group
- Ashish Pathak
- SaifAllah benMassaoud
- Abdul Haq Khokhar
- Hemant Bansal
- Ravi Chandroliya, @ChandroliyaRavi
- Ayoub Fathi
- Hammad Shamsi
- Vikas Khanna (Hackerdesk), Gurjant Singh (Hackerdesk), and Harpal Singh (Hackerdesk)
- Vishwaraj Bhattrai
- Pulkit Pandey
- Neeraj R. Godkhindi
- Rakesh Singh
- Christian Galeone
- Alizaib Hassan, www.alizaibhassan.com
- Mohammed Abdulqader Abobaker Al-saggaf
- Osama Ansari
- Harsha Boppana
- M. Asim Shahzad
- Meet Makwana
- Huzaifa Jawaid
- Swapnil A. Thaware, Dream Ocean InfoSec
- Aditya K. Sood, SecNiche Security Labs
- Ankush Mohanty, hackandsecurity9.blogspot.in
- Indrajith.AN
- Rohan Kumar Birtia
- Suhas Sunil Gaikwad
- Jason Gordon
- Sriram
- Mayank Bhatodra
- Ankit Sharma
- Aditya K. Sood, SecNiche Security Labs
- Milan A. Solanki
- Evan Ricafort
Acknowledgements 2014
- Abhishek Dashora
- Shahee Mirza, @shaheemirza
- Ali Hassan Ghori of AHPT
- S.Venkatesh
- Mayur Agnihotri
- Saurabh Chandrakant Nemade
- Rafael Pablos
- Abdul Haq Khokhar
- Michael Brown of Net Direct
- Badí' Yee Tzyypirng, @badiyee
- Abdul Wasay, @AWasayRazzak
- Ahmed Hassan Awan, @hassanawans
- Lalit Kumar, @lalitiitbbs
- Rajat Khanna of PricewaterhouseCoopers
- >Justine Edic
- Abdul Rehman
- Rajeewgandhi Jeyaraj
- Samanthi Jeyaraj
- Jeyaram Jeyaraj
- Myaseen Khan, myaseen.khan@hotmail.com
- Provensec Labs
- Mohammad Yaseen Khan
- Madhu Akula, @madhuakula
- Hardik Tailor, @iamhardiktailor
- Deepak Kumar Nath
- Simone Memoli, @Simon90_Italy
- Filippos Mastrogiannis, @Simon90_Italy
- Jatinder Pal Singh
- Sergio Galán, "NaxoneZ" @NaxoneZ
- Rodolfo Godalle, Jr.
- Chris John Riley, @ChrisJohnRiley
- Dawid Czagan
- Nenad Stojanovski of Spotify
- Yogesh Modi
- Sandeep Singh
- Pradeep Jairamani
- Ankit Bharathan
- Surya Subhash, @pbssubhash
- Parveen Yadav
- Parveen Nair of Kerala Cyber Squad
- Rahul Singh
- Dev Jeet
- Nitin Goplani
- Web Plus
- Muhammad Talha Khan
- Teguh P. Alko
- Erik van Oosbree, @mildata
- Prafull Agarwal
- Aniket Pratap Singh
- Ch. Muhammad Osama
- Ketan Sirigiri,Cigniti Technologies Ltd.
- Marc Rivero López of Aiuken Solutions, @seifreed
- Wang Jing
- Shikhil Sharma, Czar Securities
- El Hadjeui Jamal Eddine, @JamalC0m
- Koutrouss Naddara
- Mohamed Osman Saeed, @krmalab
- Daniel Vasu, RST Forums
- Nakul Mohan, @Nakul_Mohan_Cia
- Jerold Camacho, @karapsyon
- Kamil Sevi, @kamilsevi
- Frank Dick
- Vinesh N. Redkar, @b0rn2pwn
- Gurjant Singh and Mayank Kapoor of Hackerdesk
- Vedachala, @vedachalaka
- Fernando Muñoz
Acknowledgements 2013
For presenting at the BlackBerry Security Summit, June 2013:
- Justin Clarke of Cylance
- Dan Guido of Trail of Bits, Inc.
- Miaubiz
- Jason Shirk of Microsoft
- Adam Meyers of Crowdstrike
- Kurt Baumgartner of Kaspersky
For identifying and reporting a security issue to BlackBerry:
- Ravindra Singh Rathore, @ravindra_hacks
- Aditya K Sood of SecNiche Security Labs, @AdityaKSood
- Paras Pilani of AKS IT Services
- Rishiraj Sharma, @ehrishiraj
- Vedachala, @vedachalaka
- Pralhad Chaskar, @c0d3xpl0it
- Ravikumar Paghdal, @_RaviRamesh
- Pobereznicenco Dan of RSTforums
- Sahil Saif, @bewithsahilsaif
- Muhammad Talha Khan (MTK), @M7K911
- Paul O'Grady, @3v0lver
- Charlie Briggs, @Charlie_N_B
- Dylan Scott Hailey, @TibitXimer
- Ajay Negi, @AjaySinghNegi and Prashant Negi, @prashantnegi_
- Deepankar Arora, @sec403 and Nipun Jaswal, @nipunjaswal
- Shahee Mirza, @ShaheeMirza
- Adam Ziaja, @adamziaja
- Cernica Ionut Cosmin
- Abdullah Hussam Gazi, @Abdulahhusam
- Koutrouss Naddara
- Shubham Shah @infosec_au
- Appthority
- Ankit Bharathan
- Shashank of Pwnsecurity, @cyberboyIndia
- Anagha Devale-Vartak of Avsecurity
- Jatinpreet Singh, @SillyGeek
- Avilash Kumar and Toshendra Sharma
- Gökmen GÜRESÇI @GokmenGuresci
- Juan Broullón Sampedro, @The_Pr0ph3t
- Jayvardhan Singh, @Silent_Screamr
- Nikhalesh Singh Bhadoria, @nikhaleshsingh
- Umer Shakil, @umer_djzz
- Christy Philip Mathew
- Mockingbird
- Raj Sukali of DEFENCELY
- Gordon Johnson of leetupload, @leetupload
- Deepak Kivande
- Sebastian Neef and Tim Schäfers of Internetwache, @internetwache
- Wang Qiushi, @qiushi_w
- Monendra Sahu, @mohitnitrr
- Siddhesh Gawde, @pen3t3r
- Chiragh Dewan , @ChiraghDewan
- Tushar Rajhans Kumbhare, Defencely
- Ehraz Ahmed, @securityexe and Umraz Ahmed, @umrazahmed
- Shubham Raj, Openfire Security
- Team Defencely
- Priyal Viroja
- Anand Prakash, @sehacure
- Sandeep Singh Rehal, @Sandeep_Rehal
- J Muhammed Gazzaly, @gazly
- Rishal Dwivedi of Bhavan's Vivekananda College, @rishaldwivedi and Manjot Singh of Rimt College Mandi Gobindgarh
- Ahmad Ashraff, @yappare
- Yuji Kosuga, @yujikosuga
- Sunil Dadhich, @Sunil_Dadhich7
- Shubham Upadhyay, @CybeRShubhaM
- Simone Memoli, @Simon90_Italy
- Nikhil Srivastava, Javid Hussain @javidhussain21 and Rahul Tyagi @rahultyagihacks from Techdefence Pvt. Ltd.
- Osman Dogan, @osmand0gan
- Ali Hasan Ghauri, AHPT
- Riaz Ebrahim
- Krutarth Shukla, @KrutarthShukla
- Christian Lopez Martin, @phr0nak
- Aditya Balapure, @adityabalapure
- Dragos Scarlatescu, RST
- Himanshu Sharma
- Wong Chieh Yie, @wcypierrenet
- SimranJeet Singh, @TurbanatorSJS
- Florindarck, Hackyard Security Group
- Ajinkya Patil
- M.R.Vignesh Kumar, @vigneshkumarmr
- Danijel Maksimovic, @Maxon3
- Kamil Sevi, @kamilsevi
- Shubham Mittal, @upgoingstar
- Peter Jaric, @peterjaric
- Mirza Burhan Baig, BlacKBitZ!
- Muhammad Waqar, BlacKBitZ!, @MuhammadWaqar_9
- Rafay Baloch, RHA InfoSecurity
- Abhinav Karnawat, \/ w4rri0r \/
- Thamatam Deepak of N&D Corporation, @Deepak_Mr47
- Chaithanya.R.K of EIS pvt Ltd, @ant4g0nist
- Malte Batram, @_batram
- Piyush Malik, @ThePiyushMalik
Acknowledgements 2012
For presenting at the BlackBerry Security Summit, June 2012:
- Robert C. Seacord of the Secure Coding Initiative at CERT, located at Carnegie Mellon’s Software Engineering Institute (SEI)
- Michael Eddington of Deja vu Security
- Vincenzo Iozzo of Trail of Bits, Inc.
- Andy Davis of NCC Group
- Zach Lanier of Veracode
- Dino Dai Zovi of Trail of Bits, Inc.
- Joshua Lackey of AT&T
- Willem Pinckaers of Matasano Security
For identifying and reporting a security issue to BlackBerry:
- Andy Davis of NCC Group
- Tim Brown, Nth Dimension
Acknowledgements 2011
For identifying and reporting a security issue to BlackBerry:
- Frank Dick
- Zach Lanier of Veracode
- Bogdan Alecu
- Professor Keith Mayes and Lishoy Francis from the ISG Smart Card Centre, Royal Holloway, University of London
- Richard Leach of NCC Group
- Ivan Huertas
- Vincenzo Iozzo, Ralf Philipp Weinmann and Willem Pinckaers, reported via TippingPoint and the Zero Day Initiative
- Laurent Oudot of TEHTRI Security
- ElcomSoft Co. Ltd.
- ACROS Security
Previous Acknowledgements
For identifying and reporting a security issue to BlackBerry:
- Isaac Dawson
- Jean-Luc Giraud of the Citrix security team
- Sheran Gunasekera of ZenConsult
- OYXin of Nevis Labs, Aviram Networks, Inc.
- Mobile Security Lab
- CESG
- Ken Millar of Sensient Technologies Corporation
- Michael Thumann of ERNW
- Martin O'Neal and Stephen de Vries of Corsaire
- eEye Digital Security, working with US-Computer Emergency Readiness Team Coordination Center (CERT/CC)
- Sonic Solutions
- US-Computer Emergency Readiness Team Coordination Center (CERT/CC)
- FX of Phenoelit
- Imad Lahoud of the EADS Corporate Research Center IT Security Lab in France