Security Vulnerability Report

Comcast Security: Responsible Disclosure Policy

Responsible Disclosure Philosophy

Comcast believes effective responsible disclosure of security vulnerabilities requires mutual trust, respect, transparency and common good between Comcast and Security Researchers. Together, our vigilant expertise promotes the continued security and privacy of Comcast customers, products, and services.

Security Researchers

Comcast accepts vulnerability reports from all sources such as independent security researchers, industry partners, vendors, customers and consultants. Comcast defines a security vulnerability as an unintended weakness or exposure that could be used to compromise the integrity, availability or confidentiality of our products and services.

Our Commitment to Researchers

Trust. We maintain trust and confidentiality in our professional exchanges with security researchers.
Respect. We treat all researchers with respect and recognize your contribution for keeping our customers safe and secure.
Transparency. We will work with you to validate and remediate reported vulnerabilities in accordance with our commitment to security and privacy.
Common Good. We investigate and remediate issues in a manner consistent with protecting the safety and security of those potentially affected by a reported vulnerability.

What We Ask of Researchers

Trust. We request that you communicate about potential vulnerabilities in a responsible manner, providing sufficient time and information for our team to validate and address potential issues.
Respect. We request that researchers make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction of data during security testing.
Transparency. We request that researchers provide the technical details and background necessary for our team to identify and validate reported issues, using the form below.
Common Good. We request that researchers act for the common good, protecting user privacy and security by refraining from publicly disclosing unverified vulnerabilities until our team has had time to validate and address reported issues.

Vulnerability Reporting

Comcast recommends that security researchers share the details of any suspected vulnerabilities using the web form below. The Comcast Security team will acknowledge receipt of each vulnerability report, conduct a thorough investigation, and then take appropriate action for resolution. To encrypt a submission via email, use the public key provided on this page.

Submission Form powered by Bugcrowd

Security Researcher Hall of Fame

Security Researchers – 2020 - Current

Security Researchers - 2019

Researcher	Profile
Joseph Thacker	bugcrowd.com/rez0
Farhan Kalsekar	twitter.com/frrhnn
Ben Chinoy	linkedin.com/in/ben-chinoy-55483736
Igor Barshteyn	linkedin.com/in/igorbarshteyn
David Calligaris
Mukesh Kumar	bugcrowd.com/theserpent
Osama Ansari	twitter.com/ansariosama10
Mrpeuch	bugcrowd.com/mrpeuch
Cameron Dawe	twitter.com/spam404online
Ahmed Alwardani	linkedin.com/in/alwardani
Carlos Eduardo Santiago	linkedin.com/in/carlos-eduardo-santiago-06945b18/
Thejus Krishnan	twitter.com/Tjz_kr1
Christopher Schneider	linkedin.com/in/christopherschneidersec

Security Researchers - 2018

Researcher	Profile
Mrpeuch	bugcrowd.com/mrpeuch
Sameer Phad	twitter.com/sameerphad72
Benson Cheek	twitter.com/bmdc25
Michael Skelton	twitter.com/codingo_
Samet SAHIN	twitter.com/sametsahinnet
Noah	twitter.com/thesubtlety
Er Quan	sg.linkedin.com/in/eqbang
Ali Razzaq	twitter.com/alirazzaq_

Security Researchers - 2017

Researcher	Profile
Alex Boese	https://www.linkedin.com/in/alexboese
Sean Durkin	linkedin.com/in/seanrdurkin
Justin Calmus	linkedin.com/in/jcalmus/
whatasec	twitter.com/whatasec
FogMarks.com	twitter.com/fogmarks
Shahar Albeck	twitter.com/l33terally
Maxwell Pereira	linkedin.com/in/maxwellpereira
Yash Mehta	linkedin.com/in/1yashm
Hamza Grindi	hackerone.com/hamza_g
Daniel Zhang	bugcrowd.com/danielzhang
Devansh Batham (infoziant Labs)	twitter.com/devanshwolf
Cody Zacharias	linkedin.com/in/codyzacharias
Ashish Kunwar	bugcrowd.com/dorkerdevil
Koen Rouwhorst	linkedin.com/in/koenrouwhorst/
Vineet Kumar

Encryption

Alternatively, you may send vulnerability submissions or questions to the Comcast Security Team via email to securitydefectreporting@comcast.com. Encryption key provided below:

PGP Key