Responsible Disclosure of Security Vulnerabilities
At Freelancer, we do our absolute best to ensure that our website is as secure as possible. Keeping up with the latest in web security can be a daunting task and new vulnerabilities can appear in new and old products. Freelancer has an amazing community of very skilled users, particularly amongst the highly technical freelancers. We encourage users who find security vulnerabilities to report them to us as soon as possible.
Do not engage in damaging activity!
This includes any type of denial of service attack, viewing another user's data without authorization or modifying data without authorization.
Please make all vulnerability submissions to:
Include the following information with your submission:
A proof-of-concept or demonstration showing the vulnerability
Detailed steps of how to reproduce the vulnerability
An e-mail address we can contact you on
Your Freelancer.com account (so that we can give you the White Hat badge of achievement!)
Freelancer recognizes the importance of security researchers who contribute to the security of our website. To encourage bug reports to submit vulnerabilities to us, we will commit to not bringing a private action nor refer the matter for public inquiry against a bug reporter who follows these guidelines:
The vulnerability is reported to Freelancer via the official means (mentioned above) as soon as it is discovered
The vulnerability is not published anywhere before or after submission
The vulnerability exists on a domain owned by Freelancer (e.g. *.freelancer.com, *.freelancer.com.au, *.freelancer.co.uk, etc.)
The vulnerability is verified by our team
Recognition of Security Researchers
Researchers who successfully report a vulnerability may choose to be awarded in the following ways:
A name or company of their choosing published on the security hall of fame page
Be awarded a special 'White Hat' badge (shown above) for their Freelancer.com account, only obtainable by successfully identifying an exploit on Freelancer