Happy Holidays

Again, the year is racing to its end. Whatever you are planning for the next few weeks, X41 wishes you a lot of fun!

We performed several audits for OSTIF this year, among them for open source projects such as Hickory DNS, RSTUF, NGHTTP3/NGTCP2 and Ruby on Rails. With OSTIF celebrating their 10-year anniversary, we look forward to continue this partnership in the future.

But finding bugs is more than just a job for customers at X41, we also do our internal research for fun and to learn new things. This resulted in advisories for OpenSlides and ntpd-rs this year. Besides the advisories, some insight into mouse input for randomness was gained.

Sometimes advisories result in work we do at clients — not all clients want us to report issues upstream, most handle that themselves. This year we could finally bring the disclosure process for CGM Medico to an end.

Another research project that X41 made publicly accessible is BeanStack, a tool and database that allows you to extract version information from Java stack traces. The database got a huge update this year and will now be brought up to date on a more regular basis.

For those already yearning for some sun, meet us in February 2026 in Goa at Nullcon where we will give a training on the application security toolstack. Besides that, we are looking forward to the 20th hack.lu next year, a conference the team enjoyed in 2025 as well.

About X41 D-Sec GmbH

X41 D-Sec GmbH is an expert provider for application security services. Having extensive industry experience and expertise in the area of information security, a strong core security team of world class security experts enables X41 to perform premium security services.

Fields of expertise in the area of application security are security-centric code reviews, binary reverse engineering and vulnerability discovery. Custom research and a IT security consulting and support services are core competencies of X41.