Responsible Disclosure of Security Vulnerabilities

Include the following information with your submission:

  • A proof-of-concept or demonstration showing the vulnerability
  • Detailed steps of how to reproduce the vulnerability
  • An e-mail address we can contact you on
  • Your Freelancer.com account (so that we can give you the White Hat badge of achievement!)

Please make all vulnerability submissions to:

security-reporting@freelancer.com

Please only send valid security vulnerabilities to this e-mail address, all other requests will be ignored (e.g. for support). If you wish to encrypt your submission, you may do so using the PGP public key found at: https://www.freelancer.com/info/WhitehatsPGP.txt

Do not engage in damaging activity!

This includes any type of denial of service attack, viewing another user's data without authorization or modifying data without authorization.

Submission Guidelines

Freelancer recognizes the importance of security researchers who contribute to the security of our website. To encourage bug reports to submit vulnerabilities to us, we will commit to not bringing a private action nor refer the matter for public inquiry against a bug reporter who follows these guidelines:

  • The vulnerability is reported to Freelancer via the official means (mentioned above) as soon as it is discovered
  • The vulnerability is not published anywhere before or after submission
  • The vulnerability exists on a domain owned by Freelancer (e.g. *.freelancer.com, *.freelancer.com.au, *.freelancer.co.uk, etc.)
  • The vulnerability is verified by our team

Recognition of Security Researchers

Researchers who successfully report a vulnerability may choose to be awarded in the following ways:

  • A name or company of their choosing published on the security hall of fame page
  • Be awarded a special 'White Hat' badge (shown above) for their Freelancer.com account, only obtainable by successfully identifying an exploit on Freelancer
  • Freelancer Security Submission Guideline White Hat Badge