mert tasci

mert tasci

Hello, my name is Mert.

full-time bug bounty hunter · #2 global rank

My background is in software. I spent years building things before I realized I enjoyed breaking them more, and I've been working in security full-time since 2015.

These days I hunt full-time on bugcrowd, hackerone and synack. Hacking still motivates me, quietly, every day.

Off the clock I'm endlessly curious: evolution, biology, space, music, anything that tries to explain why things turn out the way they do.

"We are a way for the cosmos to know itself."

Carl Sagan · Cosmos

Ink on the Calendar

spot the vacations.

fig. 1 · weekly activity, 2016–2026
lessmore

the 2026 row runs through the 31 may snapshot.

Counting Up

line goes up.

fig. 2 · cumulative reports

plot begins april 2016; the first reports (2014-15) are in the running total.

The Severity Ledger

mostly medium, occasionally catastrophic.

fig. 3 · by priority

405 unrated submissions excluded · ratings include duplicates.

Mentions

MVP Researcher of the Quarter 2019 Q4 · Top P1 Researcher 2019 Q4 · Bounty Slayer 2019 Q4 · Top P1 Researcher 2019 Q3 · Bounty Slayer 2019 Q3 · Bounty Slayer 2019 Q1 · Fourth Annual Buggy Awards, Finalist 2019 · Web Hacking 101: features my Twitter vulnerability 2018 · 3rd on Bugcrowd's monthly leaderboard 2018 Oct · 1st on Bugcrowd's monthly leaderboard 2018 Jul · MVP Researcher of the Year 2018 · Guest essay: finding IDOR for large bounty rewards 2018 · Interview on cyber-security, Red Bull (TR) 2017 · MVP Researcher of the Year 2016 · "Honored Bug Hunter", Top Kudos Points at the 2nd Annual Buggy Awards 2016 · 2nd on Bugcrowd's monthly leaderboard 2016 Nov · 1st on Bugcrowd's monthly leaderboard 2016 Jul · 2nd on Bugcrowd's monthly leaderboard 2016 Jun · 1st on Bugcrowd's monthly leaderboard 2016 May