In light of recent malicious hacking incidents seen in various places on the web, Heroku has announced its Security Researcher Hall of Fame. The hall of fame stretches back to 2011 and aims to pay homage to those who have found bugs and security issues within Heroku. Heroku also listed ground rules for hall of fame inductees:
"Customer applications are ineligible for multiple reasons. Very roughly, this means we don’t list reports for *.herokuapp.com, and aspiring researchers should look at *.heroku.com. This isn’t an absolute rule, however. Older customer applications (i.e., our deprecated “Bamboo” stack) are hosted in *.heroku.com. If you do find a security vulnerability in another customer’s application, please do still let us know. We’re happy to forward the report to the customer either with or without your contact information.
Only one listing per vulnerability. For duplicate reports, the first reporter wins. If necessary, we’ll check the timestamps.
Only one listing per reporter. For researchers kind enough to report multiple issues, we’re still figuring out how best to honor their contributions.
Heroku and Salesforce employees will not be listed in the Hall of Fame.
The decision to list a researcher in the Hall of Fame is made at the sole discretion of the Heroku Security Team.
We don’t offer cash rewards, but we can link to your personal or professional site, and we’ll mail you a stylish Heroku t-shirt." https://www.heroku.com/policy/security-hall-of-fame
Anyone who has ever found a bug or security flaw is urged to get in contact with Heroku in order to receive some much-deserved recognition.