Turkish Security Researcher Gets Nod From NASA Over Vulnerability Discoveries
Cyberdefenders are drawing accolades these days. First, the UK lead at the National Crime Agency (NCA), who coordinated Operation Cronos to take down LockBit, nabbed an Order of the British Empire (OBE) award from King Charles, and now comes word that NASA has sent a thank-you letter to an independent Turkish researcher for discovering four vulnerabilities at the space agency.
Hasan İsmail Gülkaya, 28, reported the flaws through NASA’s Vulnerability Disclosure Program, providing detailed information and documentation. One of the flaws discovered by Gülkaya, a graduate of a vocational high school who specializes in industrial automation, would allow bad actors to access details of meetings of senior executives.
Calling NASA’s nod “great news,” Agnidipta Sarkar, chief evangelist at ColorTokens, said, “it highlights the potential of independent researchers to enhance global breach readiness.” And Sarkar praised NASA’s VDP for offering “a framework that protects the organization while respecting researchers’ rights, alleviating fears associated with security research.” The initiative, Sarkar explains, “marks a shift in how organizations should approach cybersecurity research, promoting ethical hacking instead of pursuing legal action against those identifying vulnerabilities.”
“I find it refreshing that the program encourages responsible disclosure, motivating more researchers to come forward and contribute to a breach-ready world,” says Sarkar, noting that “overall it represents a significant shift from solving an isolated cybersecurity problem to helping build cyber defenses to address the next cyberattack as we head toward a more resilient digital landscape.” NASA was able to fix the vulnerabilities before they were exploited.
“The best performing bounty and disclosure programs prioritize a swift response to submissions—these are folks submitting their work into a corporate machine,” says Trey Ford, chief strategy and trust officer at Bugcrowd. “Stories like this warm the heart, an exemplary response to hard work, dignifying the humanity of the researcher making the internet, and the program (in this case NASA) safer,” says Ford. “Knowing you’re heard, knowing you’ve had an impact, and knowing you’re a part of something bigger…creating a shared sense of mission and purpose.”
Will Bailey, senior defender at Ontinue, says the story “reinforces why responsible disclosure programs matter, not just for finding bugs, but for building trust between organizations and the global research community.” When an agency with the gravitas of NASA “acknowledges a researcher’s work publicly, it sends a powerful signal that ethical hacking is valued, protected, and impactful,” he says. “For researchers, recognition like this is often more meaningful than a payout. It validates their skills, reinforces responsible behavior, and encourages continued collaboration rather than exploitation.”
For the young researcher, the letter of thanks is a potential career boost. “I reported four vulnerabilities to NASA about two months ago. They told me they would fix them and later sent a thank-you letter signed by NASA’s security chief. It was very exciting,” the Hürriyet Daily News reported Gülkaya as saying. “This letter strengthened my career, and I plan to continue in this field.”
