Security Research
Coordinated disclosures and security writeups by Ahmet Kazankaya (@kasparovabi).
Disclosures
| Date | Vendor / Product | Severity | Title |
|---|---|---|---|
| 2026-04-29 | BasedHardware / Omi | CVSS 10.0 (Critical) | Seventeen Vulnerabilities in Omi, Fourteen Days of Silence |
Methodology
Each writeup in this repository is published after:
- A private report through the vendor’s preferred coordinated-disclosure channel (typically GitHub Security Advisories).
- A reasonable window for the vendor to acknowledge, triage, and patch.
- A public-disclosure date communicated to the vendor in advance.
Where the vendor refuses to act, the disclosure window is shortened in proportion to the vendor’s behavior, the public exposure of the affected code paths, and the regulatory clocks that may apply to affected users (HIPAA, GDPR, SOC 2 audit obligations).
No proof-of-concept exploit code is published in this repository. Technical detail is sufficient to reproduce findings against the source code; no payload, weaponized scanner, or live-target tooling is included.
Contact
- GitHub: @kasparovabi
- Email: kasparovabi@gmail.com
- For security reports about my own code, please open a private GitHub Security Advisory on the relevant repository.