Version française en bas
English Version
Vehicle thefts - Insecure vehicles should be banned, not security tools like the Flipper Zero
Media Coverage
CBC: Banning hacking devices won’t prevent car thefts, security experts say
The Letter
Vehicle theft is an issue that affects us all collectively. As cybersecurity and technology professionals, we recognize the importance of acting rapidly to reduce its impact on Canadians. That being said, we believe the federal government’s proposal, particularly the prohibition of security research tools, is ill-advised, overbroad and most importantly, will be counterproductive.
Innovation, Science and Economic Development Canada (ISED) will pursue all avenues to ban devices used to steal vehicles by copying the wireless signals for remote keyless entry, such as the Flipper Zero, which would allow for the removal of those devices from the Canadian marketplace through collaboration with law enforcement agencies.
We believe this policy will not work because it rests on a misunderstanding of the underlying technology
This policy is based on outdated and misinformed technological assumptions, making it unfeasible to implement and enforce. Security tools like Flipper Zero are essentially programmable radios, known as Software Defined Radios (SDRs), a technology which has existed for years, and in some cases can be built using open-source or simple over-the-shelf-components. These radios are also fundamentally the same as those used in numerous devices across various sectors, including smart household appliances, drones and aerospace technologies, mobile phones and networks, as well as industrial control systems. Consequently, prohibiting such functionality is virtually impossible and could stifle the Canadian economy significantly.
We believe this policy will degrade national security, by incentivizing manufacturers to design insecure products, as security research is criminalized and right-to-repair is penalized
This policy fails to recognize that these tools are not the enemy, rather, insecure products are. Unlike decades ago when the industry relied on security through obscurity as a strategy, we now can attest that the democratization of security research tools is a balancing force for manufacturers to improve the safety of their products. Today, many industry actors rely on such research, just like we have Federal & Provincial1 government programs that support & reward security vulnerability disclosure that benefits us all. Implementing such a policy would have a chilling effect on these efforts, potentially undermining their positive impact on society.
Additionally, with bills such as C-244 (Right to Repair), that recently passed unanimously and C-294 (Interoperability) that gathered support from multiple parties, we believe this overbroad policy will penalize legitimate analysis and repair use-cases, that were just made available to canadians.
Finally, we believe this policy represents a waste of judiciary resources that could be better used to collaborate with experts from the cybersecurity industry to identify ways to prevent and deter such crimes
Because of the arbitrary nature of such a policy, we believe the judiciary system will be faced with a slew of litigious cases around the many uses of these security tools. Instead, these resources could be focused on creating constructive communication channels between cybersecurity experts, car manufacturers, insurers, and the judiciary system to identify ways to improve the security of automotive keyless entry and push-to-start systems, and enforce minimal levels of security for future products, as it is the case in other industries.
English version above
Version française
Trouver et contacter votre député
Couverture Médiatique
Le Téléjournal avec Céline Galipeau - Le 28 février 2024 - 40m40sec
Radio-Canada: Ottawa fait fausse route en bannissant les dispositifs de piratage, selon des experts
Lettre
Vols de véhicules - Les véhicules non sécurisés devraient être interdits, pas les outils de sécurité comme le Flipper Zero
Le vol de véhicules est un problème qui nous affecte tous collectivement. En tant que professionnels de la cybersécurité et de la technologie, nous reconnaissons l’importance d’agir rapidement pour réduire son impact sur les Canadiens. Cela étant dit, nous croyons que la proposition du gouvernement fédéral, en particulier l’interdiction des outils de recherche en sécurité, est malavisée, trop générale et surtout, contre-productive.
ISDE examinera toutes les possibilités pour interdire les dispositifs utilisés pour voler des véhicules en copiant les signaux sans fil du système de télédéverrouillage, tels que le Flipper Zero, ce qui permettrait de retirer ces dispositifs du marché canadien, en collaboration avec les organismes chargés de l’application de la loi.
Nous croyons que cette politique ne fonctionnera pas car elle repose sur une incompréhension de la technologie sous-jacente
Cette politique est basée sur des hypothèses technologiques obsolètes et mal informées, rendant son application et son exécution irréalisables. Les outils de sécurité comme le Flipper Zero sont essentiellement des radios programmables, connues sous le nom de Radios Définies par Logiciel, ou Software Defined Radios en anglais, (SDR), une technologie qui existe depuis des années et qui, dans certains cas, peut être construite en utilisant des composants open-source ou simples disponibles dans le commerce. Ces radios sont également fondamentalement les mêmes que celles utilisées dans de nombreux appareils à travers divers secteurs, y compris les appareils ménagers intelligents, les drones et les technologies aérospatiales, les téléphones mobiles et les réseaux, ainsi que les systèmes de contrôle industriel. Par conséquent, interdire une telle fonctionnalité est pratiquement impossible et pourrait étouffer considérablement l’économie canadienne.
Nous croyons que cette politique va dégrader la sécurité nationale, en incitant les fabricants à concevoir des produits non sécurisés, car la recherche en sécurité sera criminalisée et le droit de réparer pénalisé
Cette politique échoue à reconnaître que ces outils ne sont pas l’ennemi, mais plutôt que les produits non sécurisés le sont. Contrairement à il y a des décennies, où l’industrie s’appuyait sur la sécurité par l’obscurité comme stratégie, nous pouvons maintenant attester que la démocratisation des outils de recherche en sécurité est une force d’équilibre pour les fabricants pour améliorer la sécurité de leurs produits. Aujourd’hui, de nombreux acteurs de l’industrie s’appuient sur une telle recherche, tout comme nous avons des programmes gouvernementaux Fédéraux et Provinciaux2 qui soutiennent et récompensent la divulgation de vulnérabilités de sécurité qui nous profitent tous. La mise en œuvre d’une telle politique aurait un effet paralysant sur ces efforts, compromettant potentiellement leur impact positif sur la société.
De plus, avec des projets de loi tels que C-244 (Droit à la réparation), qui a récemment été adopté à l’unanimité et C-294 (Interopérabilité) qui a recueilli le soutien de plusieurs partis, nous pensons que cette politique trop générale pénalisera les analyses légitimes et les cas d’utilisation de réparation, qui viennent juste d’être rendus disponibles aux Canadiens.
Enfin, nous croyons que cette politique représente un gaspillage de ressources judiciaires qui pourraient être mieux utilisées pour collaborer avec des experts de l’industrie de la cybersécurité afin d’identifier des moyens de prévenir et de dissuader de tels crimes
En raison de la nature arbitraire d’une telle politique, nous croyons que le système judiciaire sera confronté à une multitude de cas litigieux concernant les nombreuses utilisations de ces outils de sécurité. Au lieu de cela, ces ressources pourraient être concentrées sur la création de canaux de communication constructifs entre les experts en cybersécurité, les fabricants de voitures, les assureurs et le système judiciaire pour identifier des moyens d’améliorer la sécurité des systèmes d’entrée sans clé et de démarrage par bouton-poussoir des automobiles, et imposer des niveaux de sécurité minimaux pour les futurs produits, comme c’est le cas dans d’autres industries.
Signatures
If you agree with this letter, please sign it and share it. Signatures are added to the site roughly once a day, manually.
Si vous êtes d’accord avec cette lettre, veuillez la signer et la partager. Les signatures sont ajoutées au site manuellement, environ une fois par jour.
Name/Nom | Title/Titre |
---|---|
Guillaume Ross | Deputy CISO, JupiterOne |
Pierre-David Oriol | Cybersecurity Product Executive |
Gabriel Tremblay | Cybersecurity CEO |
Nelson Lamoureux | School principal & CISO CSSMCN |
Axel Schulz | Director Cybersecurity Operations |
Émilio Gonzalez | Cybersecurity Professional |
Simon Carpentier | Information Security Principal @ Desjardins |
Dr. Alexander Dean Cybulski | Security Awareness Professional - Utilities Sector |
Patrick Mathieu | President, Hackfest Communication |
Nicholas Romyn | Security Architect |
Sivathmican Sivakumaran | |
Mike Lizotte | Offensive Security Consultant |
Laurent Chouinard | |
dystopie | |
Eric Hogue | |
James Arlen | |
Fernando Montenegro | Cybersecurity Industry Analyst |
Jean-Sébastien Delorme | NorthSec - VP Training |
Adam Anklewicz | Manager, IT Endpoint Engineering |
Tim Fitzgerald | Manager of IT Systems |
Sean | |
Charles Ferguson | |
Rahul | |
Nathan Beranger | Sr. IT Professional |
Guillaume Morissette | Guillaume Morissette |
Philippe M. | Technical Solutions Architect |
Sylvain P | |
Pierrick Vittet | Analyste en cybersécurité |
TUX | |
Laurent Desaulniers | |
Mat X | |
Brad Clare | IT Consultant |
Garth Boyd | Security Architect |
Serge-Olivier Paquette | Director of Innovation |
Dmitriy Beryoza | Senior Security Researcher |
Simon Nolet | Testeur d’intrusion transversaux |
Colin Stéphenne | Cybersecurity specialist |
Pavel Sushko | Chief Executive Officer |
Mandeep | |
Felipe Sáez | Security Engineer |
Clayton Smith | Security researcher |
salt | Analyste en sécurité informatique |
Simon Décosse | Team Lead Ethical Hacker |
Eric Beaurivage | Administrateur de systèmes et réseaux |
Alexandre Côté | Security Researcher |
Michael Jeanson | |
Lex Gill | Avocate |
Etienne Prud’homme | |
Eric Hebert | Information Security Professional |
Patricia Gagnon-Renaud | Cybersecurity Analyst |
Antoine Gauthier-Drapeau | Analyste en cybersécurité |
Sébastien Duquette | Director of Software Development, ex-Application Security Lead @ Devolutions |
Cyndie Feltz | Co-founder |
Jacob Diamond | Pentester |
Mark Cohen | CIO |
Adrian Christie | |
Francis Coats | Expert en sécurité |
Louis Nadeau | |
Martin D | |
Maxime Paradis | Analyste Technique |
Régis Belarbi | |
Simon Loiselle | Lead security advisor |
Simon Charest | Senior Software Developer and CEO at SLCIT |
Andrew Bellini | Author of Beginner’s Guide to IoT and Hardware Hacking |
V Daniel | Account executive |
Eric C. | |
Alex Kozin | |
Alexandre Blanc | strategical and security advisor |
Free Spirit | Bitcoin miner |
Felix Doyon | DevOps Engineer |
Alec Barea | Global information security director |
Vaidotas Brazauskas | |
Tom Ewan | |
Alexis D. | |
Eugene Grant | Security Principal TEC Ops |
Mitch M | |
Denis Lessard | |
David Guerin | |
Pier-Luc Moisan | |
Lee Brotherston | Infosec Rando |
Étienne Lévesque | Développeur web |
Gaspar-Sec | CyberSecurity Analyst |
Jean-François | |
Kenneth Gallagher | |
Bruno Morel | |
Cid Summers | |
Reda Baydoun | Sr. Principal Software Dev., CISSP |
Marc-Antoine Chabot | Technology expert, ECCC |
Sergey Faleev | Senior IT manager |
Neumann lim | |
Marc-Etienne M.Léveillé | Chercheur en logiciels malveillants |
Olivier Bilodeau | Président de NorthSec et Directeur de la recherche en cybersécurité chez GoSecure |
Benjamin Courchesne | |
Alexandre Larocque, P.Eng. | CEO @ Ardent Security |
Samuel A. | Application Security Analyst I |
Frédéric Fortin | Président, iconnek.io |
Marc Ouellet | |
J. Fournier | |
Auré | Serrurière |
Ben Renaud | Director, Cybersecurity, PetalMD |
Vincent Le Hémonet | Consultant sécurité réseau |
C G | Cybersecurity specialist |
Mathieu Hetu | CEO - MH Service Technologies |
Maxim Chartrand | Chef d’entreprise, GTI Télécoms |
Maxime Labrecque-Raymond | Conseiller en cybersecurité |
Cedric Thibault | Partner & CTO |
Max Wot | |
Jean Rho | Integrateur, système de sécurité |
Jean-Michel V | |
Charles-Etienne Crevier | |
Steve Waterhouse | Professionnel en Sécurité de l’Information |
Fabrice Delor | Cybersecurity Architect |
Vincent lambert | |
Molon Labe | |
Gabriel Longpré | Analyste Sécurité & Réseau |
Marvens Decayette | Security analyst |
Werner Burat | Technical Solutions Consultant |
Flaster Jedd | Offensive security consultant |
Nicholas Milot | Co-Founder @Yack |
Bernard Bolduc | Conseiller en Cyber Sécurité |
Caido | Co-fondateur |
Marc-André Dumont | Cybersecurity Team Lead |
Philippe L | Cybersécurité opérationnelle |
Philippe Hamel | |
Pascal Fortin | PDG - Cybereco |
Guillaume Raymond | |
Patrick Davidson Tremblay | Directeur, Sécurité offensive, Simulation d’adversaires |
Steve Lavoie | Directeur TI, CISSP |
Stephane Pelletier | Application Security Analyst |
Émilien Pierru | Backend developer |
Guillaume Nourry-Marquis | Président Commit2Security Inc. |
Antoine Reversat | |
Maxime Carbonneau | Cybersecurity Professional |
Derek W. | Infosec Dude & Flipper Zero User |
Marc | |
Kastelo Caron | |
Simon Clavet | Programmer |
Sébastien Graveline | |
Sébastien Massé-Croteau | |
Jason M. | Cybersecurity consultant |
Danny Fullerton | CISO, VP |
Olivier Dion | |
Sébastien Huneault | Enseignant en Informatique |
anarcat | |
Sonia Fath | |
Alexandre Boyer | Lead info sec engineer |
Amandine Gagnon-Hébert | Associate Red Team Consultant - Mandiant, VP Engagement @NorthSec, prévention des méfaits > coercition |
Justin Brulotte | Senior AI Developper |
Fred Quenneville | Ethical Hacker |
Dominique | |
Trevor hough (loudmouth security) | CSO |
Martin Léger | Sysadmin |
Olivier Michaud | Technicien en TI |
Yvan Beaulieu PhD | Conseiller senior en sécurité de l’information |
Justin Lavoie | |
Philippe Panaite | Lead System Administrator |
Marc | Cybersecurity consultant |
Mark | |
Saïd Izawi | Security Solutions Architect |
Dany Boivin | FlippingForFlipper |
Jason Keirstead | |
LG Nobre | Cybersecurity professional |
Adam Shostack | Author, Threat modeling: Designing for Security |
Yohannes Aberacht | |
Marc Lefrancois | Lead Developer |
Jeremy Aube | |
Eric M. Gagnon | Chef D’équipe, Simulation d’adversaires |
Daniel Drouet | Tech investor and entrepreneur |
Tim Partridge | Senior Security Architect - IBM Canada LTD |
Oley V | |
Mathieu Saulnier | |
Ross Derewianko | Senior Staff Systems Eingeer |
Alexandre A. | |
Rob Wood | Founder |
Anne Katherine | |
Jason Ernst | Principal Software Engineer, PhD Wireless Mesh Networks |
Alexandre Guédon | Cybersecurity Professional |
Tom Gwozdz | |
Lee Nichols | |
Will Whittaker | |
Samer Essa | Information Security Manager |
Nicholas St-Jacques | Mr. |
Ty Lamontagne | |
Zachary M | |
Mike Clark | |
jeff woods | VP Software |
Daniel Lynch | Senior Cyber Security Advisor |
Trevor Orsztynowicz | |
Eric | |
Cody Trew | |
Kole Barnes | |
Christopher Reid | |
William Bergmann Børresen | William Bergmann Børresen |
Ssmidge | |
Philippe Dépelteau | IT & Cybersecurity Director |
Orin Johnson | |
Bort | Cybersecurity Analyst |
Christophe Langlois | |
Mike K | |
Katie H. | Senior Cybersecurity Consultant |
Adam White | |
Tyler Nicholson | |
Hugo Genesse | Cybersecurity Researcher, VP-Conference @NorthSec |
Jamie Bode | |
Olivier Laflamme | Principal Consultant @RedRainSecurity & Senior Red Team Operator @F500 - CISSP, BSCP, OSCP, CRTO, CRTL, EWPTX, ECPPT |
Ronan Scott | |
Tyler Austin | |
Kevin2600 | |
Jon alikakos | J@nnny |
Matt Moore | Mr. |
Ari | |
Lukas S. | |
Andrey Frol | Software Developer |
Noah Clements | Hacker |
AnonMan | Web Dev |
Malvin Din | Service Technician |
Simon Bouchard | CyberSecurity Analyst |
Andrew R. | |
Evan Brundritt | IT Specialist |
Olivier Caron | Cyber Security Specialist |
Haram Lee | random 11yro kid who wrote a full essay to Jonathan Wilkinson to save flipper |
Pat Papineau | |
Aiden | |
Andreanne Bergeron | Cybersecurity Researcher |
Bib | |
James Renken | Site Reliability Engineer |
Lucas Kovacs | |
the hacker | |
Jesse Poikonen | Mr |
Kienan S. | |
Anon | IT Service |
Francis Ouellet | Jedi Master |
Amar Juneja | Cybersecurity Consultant |
Mark Linton | |
Scott Flowers | |
Mike Burgener | VP Cybersecurity, Vancity Savings Credit Union |
Johnny Williams | JhonnyW55 |
J.A. Rogers | Consultant |
Wen | Director of Product |
Jarob Portillo | Dental Technician |
Sukh Panech | |
Daniel Beaulne | |
Andrew Simpson | Software Engineer |
Anonymous Z | Software Developer |
Ja d’Attaq | Pen Tester |
Phil Steward | Sr. Project Manager / Security Consultant |
Nandan Reddy S | |
James Taylor | |
Maryanne Francis | Mrs |
Jay Turla | Principal Security Consultant |
Dhruv Majumdar | |
Neelanjana Mandal | |
Jérôme Lebel | |
Faith M | Faith M |
Mohammed Shine | Shine |
J | |
Matthew W. | |
Sam G | |
Robert Brown | |
Flipper Lobster fishing guy | Captain flipper |
Harper Kelly | Mr. |
Tom Kemp | Dr. |
Andrew | |
Paul Crampton | |
“Uncle Harkinian” | Broadcast engineer |
Aria Burrell | Sr. Software Development Manager |
A.Gill | |
Elijah | |
Fukiro | |
htmlh4cker | |
Hunter Beachcow | |
Parker Koch | Parker Koch |
Leo Xu | |
Hamdi Bahrini | Application Security Analyst |
Flipper supporter | |
Snorre Trehjørningen Svedman | snorre@svedman.no |
Thomas Alonso | CTI Director |
Paul Benton | Director of IT |
Jake | |
Koen | |
François Proulx | Senior Product Security Engineer |
Paul R. | VP Operations, GGR Security |
MasterK | Mr. |
JP | |
Julien Desrosiers | Web developer |
Mike T. | |
Jay Radcliffe | Director, Medical Device Security |
Pavel Shirshov | |
Mitchell Schwartz | Developer and Process Designer |
Mark Hahn | sysadmin |
Guy Legault | IT tech |
Alexander | Information Security Officer |
Paul Reinheimer | President, WonderProxy Inc. |
Martin LG | Software Engineer - Flipper Owner |
D. Neto | Development Manager - Big 3 Banks |
Ian W | |
Robert Pouliot | System administrator |
Zkink | |
M.P | Quick question |
James (purpleidea) | Author of https://github.com/purpleidea/mgmt/ |
MS | |
Jeffrey Rau | Dr. |
Tyler Kuipers | |
Spyers | |
Fergus Argyll | 1337 h4x0r |
André Medeiros | |
M. Forget | |
J Rossy | Software Engineer |
Sam Bostock | |
Gerry Power | |
Huzefa Dargahwala | |
Anouar Mansour | Senior Cybersecurity Specialist |
Andrew Henry | Mr |
Félix Charette | Senior Application Security Engineer |
Rhenium | |
River White | Software Engineer |
Andrew Brown | Security Developer |
Jeremy Banker | Senior Security Developer @ VMware |
Tom Hotston | |
J. King | |
Laura Rodgers | |
Adrien Lasalle | NetRunner | @Speaker | Offensive Security |
Scott Hamilton | |
Tiger F | |
Paul Pereira-Brunner | |
Julian Maingot | Software Engineer |
Adam McDaniel | Technical Product Manager |
Vincent Dansereau | |
Elizabeth LC | IT Logistics |
Andrey Petrov | |
James Rycman | Software Development Manager |
Tom Strickland | |
Kyle Stevenson | |
Arthur Margulies | |
Daphne Reed | Senior Director of Security |
AAL | |
Ariadna Urazbaeva | |
Sultan Qasim Khan | Security Researcher |
Bryce Benn | Software Developer |
Jason Kaczor | |
Amin Shah Gilani | Software Engineer and Hobbyist |
Hugo | |
Nicolas Krause | |
James Weatherell | Technologist |
Samy Ghannad | Security Researcher |
Kevin Cox | |
Maxim Baele | |
Jonathan Villemaire-Krajden | Senior Software Developer |
Joey Coleman | Dr |
Nick Taylor | Manager, Infrastructure Security @ Shopify |
Jérôme Carretero | Embedded software engineering specialist |
Raf | |
Ryan Draga | DevOps/Application Security Engineer/Maker |
Michael Holloway | Systems Administrator |
Gabriel | Digital Autonomy Advocate |
Pierre-Nicolas Allard | Sr. Penetration Tester |
Michael Longval | MD |
Adam Schumacher | |
Ryan Luker | |
pelmen | |
Michael Perklin | |
Randy Saint-Louis | |
Thomas Kilbride | System on Chip Security Architect |
Aaron Janeiro Stone | Quantitative Analyst |
Martin | |
Mara | Miss |
Daniel Mitchell | Cybersecurity Practitioner |
Rob Keizer | Founder / CTO |
Aurabindo Pillai | Embedded Systems Engineer |
Sal Rahman | Software Development Engineer |
Brian Tammi | |
UTKU KARAASLAN | SW DEVELOPER |
Andrew Cohoe | Radio hobbyist |
Michael Saringer | Leader of Cybersecurity |
Carmen C | Cloud Solution Architect |
Mohit Chauhan | |
JF Godin | |
Albert R | |
Steve Eh | |
Andrew Dutton | |
Andrew Gibson | |
vilez | |
Brice Yangue | Cybersecurity student |
JohnF | |
Scott | |
Shanti Maharaj | |
Mitch A | |
Justin Unrau | Digital Literacy Librarian |
J Dunford | |
Mikkel Paulson | Former leader, Pirate Party of Canada |
SPACECADET | |
Beau Gunderson | CTO |
Aliaksei Sheshka | |
Brandon | |
Sacha Mallais | |
Mathieu Morrissette | Application Security Lead |
David Kiddell | IT Coordinator |
Karim Yaghmour | CEO / Author / Speaker / Consultant |
Ryan Barber | Software Technologist |
André M | Software Architect |
Jared T. | |
Asad Osman | hobbyist programmer |
Helene S | |
Adam M. | |
Aiden Fox Ivey | University of Waterloo - Computer Engineering |
Callum Hay | |
Keith Daser | |
Danielle De Leo | |
Damian Zaręba | Mr |
Jeff Lavoie | Software Developer and Researcher |
Paul H | |
Olivier | |
Ethan Henry | |
Taylor L | |
Alex.S | Software Engineer |
XK | |
Korran Nielsen | Staff Software Engineer at Google, security |
Jonathan Tougas | |
Charles B | Software Developer |
mlavgn | |
LeeW | |
Mario M | |
P B | Tier 3 Infrastructure Support Technician |
Robert Xiao | CS Professor @ UBC |
Vianney Gall | Cyber security analyst |
Owen Anderson | Software Developer |
Kelly Banman | Software Engineer |
Mike Gozzo | Chief Product & Technology Officer, Ada |
Andrew Beeler | Mr. |
Cindy “Sinderz” Jones | |
Nelson Asinowski | Leturer in Computer Support |
Jamie F | |
Eric Sedore | information Security |
Abdelhakim Q. | Software Developer |
Nasheed Ur Rehman | |
Ross Zurowski | Designer & Technologist |
Chris Foster | |
A.K | Software engineer |
Saave Da Phlipper | Lord. |
Bernard Lebel | Directeur - Cybersécurité des TO |
E. Calderon | Penetration Tester |
Espagne | |
Stefan Timotijevic | Hackers Without Borders |
Thomas Foubert | DevSecOps Engineer & Pentester |
Vincent Salamanca-Gagnon | Software Developer |
Benjamin Dupuis | Ingénieur cybersécurité |
Matthieu Borgraeve | IT lead |
Laurent Dumont | Senior Cloud Architect |
Thomas Thetank | Engineer |
Justin Duval | IT Specialist |
Tyler Ratliff | Security Researcher |
Lucien Dubois | |
Jerome Tremblay | Architech TI |
Mikhaël E. | |
RICHARD Corentin | Industrial Software Engineer |
Sean | I.T. Specialist |
Hakim Sid’Ahmed | |
JollyMongrel | Researcher |
Stéphane Beniak | |
Josué Almeida | Software Developer |
Noah Bailey | |
Nathan Van Ymeren | |
Steve Brecht | Software Developer |
caleb | dev |
Flederossi | |
Baker | |
Alex | Cyber Threat Hunter |
Philippe Dugre | Cyber Security Analyst |
Mark Strendin | |
Ayush Singh | Technical Lead |
Eli Ward | SRE |
Liam Wilkinson | Software engineer |
Chris T | |
AJ Magnusson | |
Eric Lacasse | Senior Developer |
Ellen Teapo | Software engineer, Apple Canada (opinions are my own and not my employer’s) |
Zack H | |
olivia | |
Louis-André Labadie | Product designer |
Mark Johnson | |
Brian McKee | IT Manager |
Paula Tejano | IT Specialist |
James Brunet | Instructor, Information Technology at Calreton University |
Mark Lee | Mr. |
Andre Courchesne | Consultant, Inventor, Maker |
Greg P | |
Colin Fletcher | |
Simon Erlic | |
Raphael Schmidt | Mr. |
Edgar Wideman | Software Dev |
Patrick Gibson | Senior Software Developer |
Nikos korompos | Senior software and systems engineer |
Tyler Montgomery | Please don’t ban Flipper Zero or other similar devices!!! |
Peter Soava | |
Evan Brynne | Software Engineer |
xdnc3 | the government doesnt know how technology works, and is using the flipper zero as a scapegoat |
John Rampelt | |
IntangibleMatter | |
cqb | |
Anonymous Canadian | Software Engineer |
Michael McKay | Commercial director |
Aaron | Programmer |
Josh Nagy | |
Charlie Hall | |
Tomas | |
Steven Lachance | |
Steve Scott | Information Security Professional |
Matt Moor | |
Pascal Charest | Senior Engineering Manager, Trust & Security |
John Wynen | |
Julian Webb | CompTech, SysAdmin, NetAdmin |
Alexandre “alxbl” Beaulieu | Staff Software Developer |
Lucas L. | Cybersecurity student |
Punit Daga | |
Alex Richards | |
Julien Richard | |
Ryan McAfee | Principal DevOps Engineer |
Maeve Sproule | |
Donald Beveridge | |
Manas Gupta | |
Mario Di Bacco | |
Emma Segal-Grossman | |
Mark Rose | |
Tyler Fisher | Senior Information Security Analyst |
Hogg | Mr. |
Karsten Johansson | Sr. Information Security Advisor |
V | |
Andrew Clapham | |
Francis Lacoste | Cybersecurity manager |
Ryan Bunker | Director of Product - Byos |
Hugo Velazquez Perez | |
Brendan Campbell | |
Christopher Schafer | |
Brad | |
J. Lauzon | |
Michael MacLeod | |
Kent Richards | Software developer |
James | |
Blaine Halee | |
Guillaume Couture-Levesque | |
Ben Koshy | Technologist |
Bobby Mac | Savetheflipper |
Royce | |
Jake Tivy | |
Nim | Nim |
Kal | |
Travis Kay | |
Vitaly Fomin | SE, Tech enthusiast |
Matt Cutts | |
Jon M | |
Adam | |
Nick B | |
Andrej Vasilj | |
Vasile Marin | Student in computer science |
Kent Worsnop | |
Anonymous | |
Arnold T. | |
Brendan Ragan | Software Engineer |
dork24 | |
Samuel Hinkel | |
Antoine Turgeon | |
Jake Evans | IT Specialist |
Chris Capobianco | Team Lead at Arctic Wolf Networks |
Hriday Balachandran | CISO and VP of Technology, DC Group |
Cedric M | |
fxgn | The tomato demon |
Ryan West | Director of Infrastructure Engineering |
Akshay Joshi | |
Concerned Citizen | |
Jonathan Sid | Jonathan |
Vivian Lee | |
Rudi Jubran | |
Nathan Friend | Software Engineer |
Mickael E | Consultant en securité informatique |
Dylan Beaulieu | IT technician |
Dh | |
Frank | |
Sean Hodgins | |
Radin Najafi | |
Andrzej Głuszak | |
Woongbin Kang | |
John Power | |
Martin S | Software Development Student |
Dan Scanlon | CTO, Genesis XYZ, Inc. |
Max Lee | |
Ryan Simmons | |
Ailo | |
jack | jnmd |
Bernardo Kuri | |
Behnoud Givehki | |
Rajas Sambhare | |
Austin Huang | CS student, McGill University |
Jade | Tech Enthusiast |
Kyle Fox | DEFCON Furs Badge Lead |
Thomas Gwynne-Timothy | Engineer |
Evan Zaplachinski | Cybersecurity student |
Matt McKinnon | |
Vishal | |
Joel DeTeves | |
Jeremy | |
C G | |
Frank C | Security Consultant |
Andre D | |
Stephen Bourne | |
Rtepet | |
J.Z | Researcher |
Peter Cai | Systems Software Developer |
Kris Pucci | |
Usama S | AI Researcher |
Jeff L | Researcher |
Vanessa Henri | Cofounder, Cybersecurity Law Firm |
Bassam Moussa | Cybersecurity Researcher |
Eric D. | |
Lys | Ms |
Vincent Mercier | |
Jack Van | |
David Munoz | |
Jason Walron | Software Architect |
James David | |
Aleksi Sapon | Software Developer |
Daniel | Cybersecurity Student |
Sakura H. | |
Geoff Denning | |
Igor Magun | |
Brandon D | Cybersecurity Student |
Carl | |
Daniel S | |
James C | Security and ISP engineer |
NetCat | Security Analyst |
Hantatu Bujklaĉ | Sro. |
Joshua Novak | |
Michael Coulter | |
Evan M | |
Harsh Makwana | |
Anthony D | |
Nabil | |
Ezra Lazar | Software Developer |
Alexandra R | |
B Bauman | |
Joni Virtanen | |
Himanshu Anand | Security researcher |
Straithe | |
Dunc S | |
Mark Jenkins | Information technologist and hackerspace organizer |
Kamache | |
Adrian | |
0xless | |
Sean Scrivener | Senior Security Analyst and Lead |
Ovidiu E | Ovidiu E Ro |
Martin Herfurt | IT-Security Researcher |
Kekko | |
Tim Perry | |
Cem Usta | |
Björn Hansson | Bjorn |
Jean Snyman | Security Research Engineer |
James Christopher Wise | Hobbyist programmer |
David Jones | Data Steward |
Christian Bourgeois | IT Specialist, Cybersecurity learner |
Seth M | |
Logan MacLaren | Cybersecurity engineer |
Egor Egorov | |
Trevor Baker | server Administrator |
Zak Zaini | Product Security Architect |
Miguel | |
Gabriel Theuws | Développeur d’applications |
Don Johnson | Security Engineer |
Bram | CTO |
ERIC PARENT | CEO EVA Technologies |
quantum_ghost | |
Elijah Reale | |
Tim King | Cyber Researcher & Educator |
Ilya Yatsenko | Student |
Krzysztof Hajdamowicz | Mr |
Nathan Einwechter | Sr. Director, Security Research |
Jeff Courteau | Architecte Réseau |
Pierre-Luc Auclair | Développeur |
Jean-Christophe Giguere-Moreau | Conseiller Cybersecurite |
Alexandre Boily | Spécialiste DevOps |
Alex Major | Professionnel en Cybersécurité |
Xavier A | |
St-Louis-Hebert | |
Yannick Gagnon | Conseiller en sécurité de l’information |
Gaëtan Trellu | Solution Architect |
Pierre-Marc | |
Aramis Veillette | |
Anthony St-Pierre | IT operations manager |
Francis G St-Pierre | Analyste en cybersécurité |
Andre Brissette | CISO |
Nicolas Deschenes | ingénieur de projet |
Kevin Tremblay | Senior Cyber Security Consultant |
Jean-Philippe Jodoin | Développeur logiciel |
Nicolas R. | Software Engineer |
Ludovic Bédard | |
Mathieu Mitchell | |
Alexandre Charron | |
Philippe Goudreau | Architecte infrastructure |
Simon Boyer | |
Olivier Martin | |
bauve | |
Blank | Pentester |
Emilie Rollandin | Senior Software Developer |
Mathieu Therrien | VA2IO |
Benoit Larocque | |
Olivier Lemoine | |
Glenn Thibault | Analyste IT |
Alex Cormier | |
Tom R | Technical Engineering Manager |
Éli Hamel | |
Emilie Rollandin | Senior Software Developer |
Xavier Groleau | Développeur embarqué |
Pascal L. | |
Arnaud Landry | Consultant en cybersécurité |
Cynthia L. McLaughlin | Software Developer |
S. Bélanger | Ingénieur en cybersécurité OT |
Mathieu R. | |
Alex Tardif | Systems Engineer, Palo Alto Networks |
Walan Brousseau | Étudiant en Génie Informatique |
Étienne Sadio | |
Franck Glebocki | Architecte Securité |
Javier Escobar de la Paz | Conseiller principal, sécurité de l’information |
Alexandre Letourneau | Consultant Cybersecurité |
Pierre Métras | Bidouilleur amateur |
Maxime S. | Développeur |
Danny Boivin | Analyste en Cybersécurité |
Jules ROTILIO | |
fbreton | citoyen du monde |
Danny S. | |
David Cohen | Consultant Technologique |
Patrick Hamel | Systems Engineering Manager |
Félix Quenneville | Consultant en cybersecurité |
h3xit | InfoSec Tech Lead |
Carl Patenaude-Poulin | Développeur logiciel |
Dominic Villeneuve | System administrator / cybersecurity analyst |
Maxime Beauchamp | |
Romain | Cybersecurity Analyst |
JcB | Mr. |
Claude Roy | Claude |
Hernandez Pierre | Conseiller Cyber-sécurité |
Raphael Lanouette | |
Jean-Michel plourde | |
Mathieu Lachaîne | Chef de la technologie |
Jeff Gorchynski | |
Constantin Buruiana | Software Developer |
PRB Hughes | |
Boris C | Tech Leader |
Mansour | |
Devon | Senior Engineer |
Hussein Jafferjees | |
Darren Yung | |
Artur L. | |
Brandon Marshall | Offensive Security Researcher |
Frederic Bilodeau | Student |
Sven Neuhaus | Senior security engineer |
Cass O | Information Security Architect |
Aaron M | Software Developer |
Charles | Cybersecurity Expert |
David Roizenman | Software Engineer |
Joseph T. | |
Benjamin Miller | Cybersecurity professional |
Ryan Higgins | Lead Systems Analyst |
Todd Schertzing | Cyber Security Consultant |
Fred Ladouceur | Offensive Security Consultant |
Mohammed Anush | Red Teamer |
Dan Forget | Technical Solutions Consultant |
Andre S | |
Zack Hatfield | |
Tanner Marks | |
David L. | |
Susie | |
NikolayM | Software developer |
Gildas Cotomale | |
Johan | |
Daryl | |
Gregory Huard | |
Ray Otis | |
Yannick F. | |
Stuart Seeley | |
Sooshi | |
Jean-Francois Paré | IT Manager |
skimie2 | |
Fred | SME Head of Security |
Amir Ab | Entrepreneur/ Robotics Research and Development startup company |
mh | |
Darren Bell (Loudmouth Security) | Technical Project Manager |
Brennan C | |
Eric | |
Soki The Rexouium | Soki The Rexouium |
Louise Powell | Penetration Tester |
Pierre-Louis Proulx | Professionnel en cybersécurité |
Ryan Torrance | |
Pier-Luc Maltais (ramsexy) | Bug bounty hunter |
Antoine | |
Mason | |
Nicolai strukoff | Mr |
Marius | IT Admin |
Bryan Jeal | |
Harry Elmokyan | |
Julien Duranleau | |
Lucie Baillargeon | |
John Gosset | Software Development Manager |
Alexis | Analyst developer |
Mark Rohen | |
Martin Renaud, CISSP | Martin Renaud, CISSP |
François St-Arnaud | Embedded Cyber Security Specialist |
Sam Curry | Security Researcher |
Jakub B | |
Rivers | |
Simon Bernier | Security Developer |
Jason Y | |
Aaron hayes | |
Jonathan Couture | |
Nick Waterman | Senior Technical Director, Security Researcher |
Brad Cees | |
V.Lessard | |
James Gourdine | Anonymous |
Talesh Seeparsan | Founder Bit79.ca |
Abdulfatah | |
Jimmy Ups | Hobbyist |
Michael S | |
Denis | |
Nicky Dev | Bug Bounty Hunter |
Brock L | |
Samuel Plante | Pentester |
Johnathan Drozdowski | Senior Red Team Specialist, Canada Life |
Sebastien R. | Information Security Analyst |
K4YT3X | Security Researcher |
Teodor P. | |
Kyle Creelman | |
Mumble | Happy Feet |
Josh Holden | |
The Area 51 Rider | |
Danny Tran | Software Developer |
Dan H. | |
Artem | |
Ryan C | AppSec engineer / researcher |
Alex Dow | Perpetual Learner |
Phrancoua | Cloud security consultant |
Shannon Cossette | |
Cynthia Bruce-Marzenska | Ms. |
Wojciech Pilch | |
Ron Mélotte | Lecturer in Cyber Security |
Joey Lord | |
Hugo | Fullstack Web Developer |
Christoph Hebeisen | Director, Security Research |
David Lagacé | |
Daylen | Cybersecurity student |
William Corcoran | Penetration Tester |
Kyle Loree | |
Shadowharvy | |
Paul Hart | |
Alaam Amershi | Mr. |
Ian Phillipchuk | |
Latex | |
Edmon Abdul Nur | |
pestobest | Computer scientist |
Joanna R | |
enni | |
Jesse Emond | Senior Software Engineer |
Roman | |
Franck Jeannot | Cybersecurity Specialist |
Dominic Villeneuve | Cybersecurity analyst |
Phil Thibault | Manager, Cyber Security Architecture |
Dan | Tinker, tech enthusiast, airplane mechanic, dad |
Hunter david Nixon | Mr |
Jasmin Pare | Infrastructure Architect |
David Laganière | P.Eng., ing. |
Gagan Jattana | |
Chet N. | Security Analyst |
Kevin Gagnon | Enseignant |
Will | |
Rob Kerr | |
Rob Kerr | Web Developer |
Nico | LoudSoftware |
Nicolas Znamenski | Cybersecurity Consultant |
Mark Zuzarte | Sr. Director - Application & Offensive Security - BDO Digital |
Leon | |
Alex Simpson | Electronics Techinican |
A.J. Potrebka | Founder, Campfire Technology |
Grabitel | |
Amanjeev Sethi | Software Engineer |
Barry | |
Mahira Mohtashami | |
Pyton | Security Enthusiast |
D. | |
Ollie B | |
Guillaume | |
Gabriel Guzman | Encourager of Awesome |
Justin Fangrad | Senior Frontend Engineer |
Alaam Amershi | Software Developer and Cybersecurity Student |
Rusty Fisher | |
Zacharia Ellaham | Penetration tester |
Guy Moïse | Devops |
Hassen Jammali | Director, Cybersecurity and Compliance |
Jamie Cannon | |
Laurent D. | Cybersecurity Student |
S Campbell | Mr |
Mitra Mirhassani | Co director of SHIELD Automotive Cybersecurity Center of Excellence |
Richard Martin | |
P-M | |
Rob J | no |
Anastasia Campbell | Student IT & Cybersecurity Analyst |
Toby McGuire | |
Dr. Anthony Lai | Director & Researcher, VXRL |
Gregory Morton | Information Security Officer |
PAP | Mr. |
H0e4a0r1t | |
Thomas Bork | |
Zaynab B | |
Alex D | |
Vincent Yiu | Director |
Jade Null | Principal Security Consultant @ GlitchSecure |
Alex | |
Myriam Beauchamp | |
Gabriel Tessier | Cybersecurity manager |
Erin T | |
K.J. Wight | Red Teamer/Cybersecurity Professional |
Antoine Leblond | |
Mark DeBaets | |
Brnz2Thnk | Activist Wannabe |
Alex Zvaniga | |
Steven | Software dev |
Baptiste P | Senior Software Developer |
Steven Hamer | B.sc Physiques |
Travis Stewart | |
Anton Ad | |
Ueric Melo | Security Awareness Manager |
Guy Simard | |
Louis-Olivier St-Laurent | Software developer |
Alain Lefebvre | Cybersecurity Consultant |
Jason H. | Software Engineer Security Analyst |
Nicolas Girot | Tech Lead Developer |
Naomi Gilbert | |
Mathieu Chevalier | Principal Security Architect, Genetec |
Thib3113 | Software Developer |
Brad “RenderMan” Haines | |
Nicole Schwartz | |
Andrew Suter | |
Joe Bowser | |
Omkhar Arasaratnam | General Manager, OpenSSF |
Ash Mytchwall | |
Shira Wolven | |
Kanstantsin Bucha | |
Norbert Griffin | Penetration Tester |
Dustin Heywood | Chief Architect of X-Force |
Gr@ve_Rose | |
MichaelL | |
Pierre Desrochers | Principal Technical Analyst |
Jacquelin Martineau-Rousseau | Cybersecurity Consultant |
Brandon Eagan | |
Brendan F | Mr |
Sylvain Kirouac | |
Jonathan Chery | CyberSecurity manager |
Karthik Kumar Viswanathan | |
Matthew Peters | |
Léonard L Gagnon | Concepteur logiciel embarqué |
Nicolas Boulet | |
Sébastien Lapointe | CEO Cyberlaps |
Clément Cruchet | Technical Team Lead |
Pier-Luc Brault | Enseignant en informatique |
Jean Narrache | |
Jeff | IT project manager |
Pascal Roy | Software developer |
Law | |
Poinsard A. | |
Alexandre Huppé | Enseignant en informatique |
Ahmed Hadjeres | CTO @ oamo.io |
PAP | |
Mathieu G | Director, Security Fusion Center |
Philippe Lacroix | |
Guillaume Filion | Analyste en informatique |
MA | consultant en cyber sécurité |
Richard Laniel | Développeur de logiciels |
Emmanuel Durand | |
Etienne Boisvenue | Data Scientist, security practitioner |
SaveFlipper | |
Steve Rainville | |
Steve Mc Nicoll | Hobbyists |
Patrick CM | |
Christian Paradis | Senior Software Developer |
Guillaume Bacon | |
Lucas M | |
Maxime Bédard | Software Engineer |
Anthony Cyr | Consultant Cyber |
Michael Labrecque | Analyst - Automation / Web Developper |
Patrick Pilotte | Operational Security Team Leader |
Jacques Sauve | Consultant en cybersécurité |
Steve B | |
Jean-Philippe Décarie-Mathieu | Lead Cybersecurity Analyst // High tech low life dude |
Kevin Poulin | |
Vincent Chartier | Ingénieur informatique |
Claude Dupont | |
Jimmy Bell | CPI, Conseiller en tests d’intrusion |
P.A.P. | |
Pierre Jodoin | |
Augusto sosa escalada | IT |
Karan Aditya Ghoshal | Cyber Threat Intelligence Analyst |
Alexy Mantha | |
Max Leblanc | |
Richard Reiner | Managing Partner |
Eugen C. | |
JC Dansereau | Software engineer |
Jeff Cliff | Free Software Advocate |
Hariz Shirazi | iOS jailbreak developer, tinkerer |
Nolan | |
Matthieu | |
Pedro Miguel Sanchez | Researcher |
Kaitlyn | |
Jonathan | |
Wade Klaver | Sysadmin and Security Professional |
Ivy Fan-Chiang | |
Steven Deobald | CEO |
Brendan Dery | |
Chris | Staff Software Engineer |
Ryan Campbell | |
DeadlyFalcor | |
Ken Walters | Mr. |
M M | Software Developer |
Kurtis G | Software Developer |
Sid Choudhuri | Head of IT, Greenpeace Canada |
Peyre Pellissier | Mr |
Mickael Lavroff | Cybersec Expert |
Ben Z. | |
Alex | Flipper Fan |
Jonathan G | Account Executive - Cybersecurity |
Rob Masse | |
Nicolas Bouliane | network software engineering at CoreWeave |
Amy Gilson | Information Security Manager |
VRM | |
Vicky Diamantopoulos | President - Normalex Inc. |
Mark M | Cybersecurity Professional |
No. Thanks. | |
Matthew Armitage | |
Emilie St-Pierre | |
Gabriel | |
David Gagnon | |
Marc Godard | |
Dakota | |
Shinobi Maikan | Security enthusiast |
P. Ménard | Cybersecurity Director |
Martin Lemay | Cybersecurity Executive/Coach/Mentor |
Reid Hurlburt | |
CG | |
Shane S | Penetration Tester |
Jms | |
Miah Johnson | Server Operator |
Adam Barnett | |
Brandon | |
corbin carroll | |
Stéphane Graber | Owner, Zabbly |
Francis Breault | |
Mitch Breton | Security Analyst |
Christian | |
David Bilodeau | Penetration Tester |
Conor | |
Evan Pratten | |
Étienne | |
Aaron MacSween | security researcher |
Dominic Villeneuve | Director cybersecurity |
Jordan V | Software Developer |
Francis H | Cyber-Security Specialist |
Richard Perritt | Technology Professional |
Elias Turner | Full Stack Software Developer |
Ismael Filali-mouhim | Cybersecurity analyst |
Gerry Corcoran | |
Tom | Security researcher |
Jack Perry, CISSP | Jack Perry, CISSP |
Hypernova | |
DH | |
Chantell Petrell | |
James Bray | Software Developer |
Edgar | Security Engineer |
Farhad Davudov | |
Erik.P | Tech enthusiast |
Ali Kerman | |
Zach Schneider | IT Security Consultant |
Marco D. | |
Pierre Jodoin | |
G. Cliche | |
Tchepikoff Eric | |
Jean-Philippe Gauvin | |
Nicolas D. | Security analyst |
Gabriel St-Laurent | |
Raphaël Jobin | Analyste en cybersécurité |
Erwann Pondaven | Analyste principal GRC |
Marc Lachapelle | |
Yves Desharnais | Consultant en sécurité de l’information |
Sydney | Ms. |
Patrick Roy | Consultant en sécurité de l’information |
Yan Migneault | Recherchiste en CyberSecurité |
Phil | |
Frédéric Lemieux-Samson | Dans le monde vaste des TI |
Jonathan Lamarre | Développeur logiciel sénior |
Anne-Marie Faber | CMO |
Marc B. Sauro | |
Marc Andrew Landles | Lead Developer |
Thibault Barthelet | Data engineer |
Provincial examples: Quebec’s bug bounty, Alberta’s Vulnerability Reporting Program,British Columbia’s Vulnerability Disclosure Program ↩︎
Exemples provinciaux: Programme de prime aux bogues du Québec, Programme d’avis de vulnérabilités de l’Alberta,Programme d’avis de vulnérabilités de la Colombie-Britannique ↩︎