Security Vulnerabilities

Responsible Disclosure of Security Vulnerabilities

At Freelancer, we do our absolute best to ensure that our website is as secure as possible. Keeping up with the latest in web security can be a daunting task and new vulnerabilities can appear in new and old products. Freelancer has an amazing community of very skilled users, particularly amongst the highly technical freelancers. We encourage users who find security vulnerabilities to report them to us as soon as possible.

Do not engage in damaging activity!

This includes any type of denial of service attack, viewing another user's data without authorization or modifying data without authorization.

Please make all vulnerability submissions to:
security-reporting@freelancer.com

Include the following information with your submission:

  • A proof-of-concept or demonstration showing the vulnerability
  • Detailed steps of how to reproduce the vulnerability
  • An e-mail address we can contact you on
  • Your Freelancer.com account (so that we can give you the White Hat badge of achievement!)

Please send only valid security vulnerabilities to this e-mail address; all other requests (e.g. for support) will be ignored. If you wish to encrypt your submission, you may do so using the PGP public key found at: https://www.freelancer.com/info/WhitehatsPGP.txt


Submission Guidelines

Freelancer recognizes the importance of security researchers who contribute to the security of our website. To encourage bug reporters to submit vulnerabilities to us, we commit to neither bringing a private action against, nor referring for public inquiry, a bug reporter who follows these guidelines:

  • The vulnerability is reported to Freelancer via the official means (mentioned above) as soon as it is discovered
  • The vulnerability is not published anywhere before or after submission
  • The vulnerability exists on a domain owned by Freelancer (e.g. *.freelancer.com, *.freelancer.com.au, *.freelancer.co.uk, etc.)
  • The vulnerability is verified by our team

Recognition of Security Researchers

Researchers who successfully report a vulnerability may choose to be awarded in the following ways:

  • A name or company of their choosing published on the security hall of fame page
  • A special 'White Hat' badge (shown above) for their Freelancer.com account, only obtainable by successfully identifying an exploit on Freelancer