Turkish Security Researcher Gets Nod From NASA Over Vulnerability Discoveries
None
<p><span data-contrast="none">Cyberdefenders are drawing accolades these days. First, the UK lead at the National Crime Agency (NCA), who coordinated Operation Cronos to take down LockBit, nabbed an </span><a href="https://securityboulevard.com/2026/01/operation-cronos-leader-gets-nod-from-king-charles/" target="_blank" rel="noopener"><span data-contrast="none">Order of the British Empire (OBE)</span></a><span data-contrast="none"> award from King Charles and now word that NASA has sent a thank-you letter to an independent Turkish researcher for discovering four vulnerabilities at the space agency.</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":300,"335559740":240}'> </span></p><p><span data-contrast="none">Hasan İsmail Gülkaya</span><b><span data-contrast="none">, </span></b>28, reported the flaws through NASA’s Vulnerability Disclosure Program, providing detailed information and documentation. One of the flaws discovered by <span data-contrast="none">Gülkaya, a graduate of a vocational high school who specializes in industrial automation, would allow bad actors to access details of meetings of senior executives.</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">Calling NASA’s nod “great news,” Agnidipta Sarkar, chief evangelist at ColorTokens, said, “it highlights the potential of independent researchers to enhance global breach readiness.” </span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">And Sarkar praised NASA’s VDP for offering “a framework that protects the organization while respecting researchers’ rights, alleviating fears associated with security research.”</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">The initiative, Sarkar explains, “marks a shift in how organizations should approach cybersecurity research, promoting ethical hacking instead of pursuing legal action against those identifying vulnerabilities.”</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":300,"335559740":240}'> </span></p><p><span data-contrast="none">The initiative, Sarkar explains, “marks a shift in how organizations should approach cybersecurity research, promoting ethical hacking instead of pursuing legal action against those identifying vulnerabilities.” </span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">“I find it refreshing that the program encourages responsible disclosure, motivating more researchers to come forward and contribute to a breach-ready world,” says Sarkar, noting that “overall it represents a significant shift from solving an isolated cybersecurity problem to helping build cyber defenses to address the next cyberattack as we head toward a more resilient digital landscape.”</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">NASA was able to fix the vulnerabilities before they were exploited.</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">“The best performing bounty and disclosure programs prioritize a swift response to submissions—these are folks submitting their work into a corporate machine,” says Trey Ford, chief strategy and trust officer at Bugcrowd. </span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">“Stories like this warm the heart, an exemplary response to hard work, dignifying the humanity of the researcher making the internet, and the program (in this case NASA) safer,” says Ford. “Knowing you’re heard, knowing you’ve had an impact, and knowing you’re a part of something bigger…creating a shared sense of mission and purpose.”</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">Will Bailey, senior defender at Ontinue, says the story “reinforces why responsible disclosure programs matter, not just for finding bugs, but for building trust between organizations and the global research community.”</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">When an agency with the gravitas of NASA “acknowledges a researcher’s work publicly, it sends a powerful signal that ethical hacking is valued, protected, and impactful,” he says. “For researchers, recognition like this is often more meaningful than a payout. It validates their skills, reinforces responsible behavior, and encourages continued collaboration rather than exploitation.”</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">For the young researcher, the letter of thanks is a potential career boost. “I reported four vulnerabilities to NASA about two months ago. They told me they would fix them and later sent a thank-you letter signed by NASA’s security chief. It was very exciting,” the Hurrivet Daily News </span><a href="https://www.hurriyetdailynews.com/nasa-sends-thank-you-letter-to-turkish-researcher-for-exposing-security-gaps-217395" target="_blank" rel="noopener"><span data-contrast="none">reported</span></a><span data-contrast="none"> Gülkaya as saying. “This letter strengthened my career, and I plan to continue in this field.”</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":300,"335559740":240}'> </span></p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/01/turkish-security-researcher-gets-nod-from-nasa-over-vulnerability-discoveries/" data-a2a-title="Turkish Security Researcher Gets Nod From NASA Over Vulnerability Discoveries "><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F01%2Fturkish-security-researcher-gets-nod-from-nasa-over-vulnerability-discoveries%2F&linkname=Turkish%20Security%20Researcher%20Gets%20Nod%C2%A0From%C2%A0NASA%20Over%20Vulnerability%20Discoveries%C2%A0" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F01%2Fturkish-security-researcher-gets-nod-from-nasa-over-vulnerability-discoveries%2F&linkname=Turkish%20Security%20Researcher%20Gets%20Nod%C2%A0From%C2%A0NASA%20Over%20Vulnerability%20Discoveries%C2%A0" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F01%2Fturkish-security-researcher-gets-nod-from-nasa-over-vulnerability-discoveries%2F&linkname=Turkish%20Security%20Researcher%20Gets%20Nod%C2%A0From%C2%A0NASA%20Over%20Vulnerability%20Discoveries%C2%A0" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F01%2Fturkish-security-researcher-gets-nod-from-nasa-over-vulnerability-discoveries%2F&linkname=Turkish%20Security%20Researcher%20Gets%20Nod%C2%A0From%C2%A0NASA%20Over%20Vulnerability%20Discoveries%C2%A0" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F01%2Fturkish-security-researcher-gets-nod-from-nasa-over-vulnerability-discoveries%2F&linkname=Turkish%20Security%20Researcher%20Gets%20Nod%C2%A0From%C2%A0NASA%20Over%20Vulnerability%20Discoveries%C2%A0" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>