 I'm going to tell you about another year of our HackerOne statistics and let me start with people that don't know what HackerOne is. It's a bug bounty program that we chose to use and for the buzzword bingo we used the crowd to find security issues and the main purpose of HackerOne for us is that it provides a secure and easy way to communicate with hackers that find issues in our software. So, on to the statistics, over the last 12 months we had 167 close reports, which sounds very impressive but as you can see on the pie chart only 36 of those we actually marked as being solving some thing we found as a real issue and also it contains some of the hackers that found issues in, for example, the security setup of one of the websites we run, so not directly related to the NextCloud software but they're all reported in the same HackerOne project. So, more numbers, we paid out almost $2,300 in bounties, 16 of the 36 bucks qualified for a bounty under the conditions we have set and so on average it's $142 we pay out but the medium bounty is $100, so there were one or two that got a bigger bounty but most of the things are more hardening issues they found but we still like to fix those, of course. So to give you a quick example of a security issue that was submitted and has already been disclosed so we can talk about it, so there was an issue where if you use the file access control app under certain circumstances you could still see previews of the files that you were not supposed to see and so that report was submitted in end of May and it was a very nice report, had a clear description of the problems with detailed steps how we could reproduce it and that's why the timeline when that happens kind of looked like this so the book was reported on the 28th of May and then on the 29th we looked into it and we noticed that we could reproduce the issue which always helps a lot and so we had a patch ready the day after and the hacker was very responsive and verified that the patch worked then the hacker was already paid also in the beginning of June and it was fixed if you remember correctly we released a new maintenance release right around that time so two weeks later the report was disclosed which is our standard policy because we believe we have to be transparent in the security stuff we do so to wrap up we strongly feel that the bug bounty program works because we get reports that make our software more secure and we're looking forward to any one of you that has a security finds a security issue in next loud of course we hope you don't find anything but if you do find them please submit them to our hacker one program thank you