Details

Responsible Disclosure of Security Vulnerabilities

At Freelancer, we do our absolute best to ensure that our website is as secure as possible. Keeping up with the latest in web security can be a daunting task and new vulnerabilities can appear in new and old products. Freelancer has an amazing community of very skilled users, particularly amongst the highly technical freelancers. We encourage users who find security vulnerabilities to report them to us as soon as possible.

DO NOT ENGAGE IN DAMAGING ACTIVITY!

This includes any type of denial of service attack, viewing another user's
data without authorization or modifying data without authorization.

Please make all vulnerability submissions to: [email protected]

Include the following information with your submission:

A proof-of-concept or demonstration showing the vulnerability
Detailed steps of how to reproduce the vulnerability
An e-mail address we can contact you on
Your Freelancer.com account (so that we can give you the White Hat badge of achievement!)
Please only send valid security vulnerabilities to this e-mail address, all other requests will be ignored (e.g. for support). If you wish to encrypt your submission, you may do so using the PGP public key found at: https://www.freelancer.com/info/WhitehatsPGP.txt

Submission Guidelines

Freelancer recognizes the importance of security researchers who contribute to the security of our website. To encourage bug reports to submit vulnerabilities to us, we will commit to not bringing a private action nor refer the matter for public inquiry against a bug reporter who follows these guidelines:

The vulnerability is reported to Freelancer via the official means (mentioned above) as soon as it is discovered
The vulnerability is not published anywhere before or after submission
The vulnerability exists on a domain owned by Freelancer (e.g. *.freelancer.com, *.freelancer.com.au, *.freelancer.co.uk, etc.)
The vulnerability is verified by our team

#Recognition of Security Researchers Researchers who successfully report a vulnerability may choose to be awarded in the following ways:

A name or company of their choosing published on the security hall of fame page
Be awarded a special 'White Hat' badge (shown above) for their Freelancer.com account, only obtainable by successfully identifying an exploit on Freelancer

Responsible Disclosure of Security Vulnerabilities

DO NOT ENGAGE IN DAMAGING ACTIVITY! This includes any type of denial of service attack, viewing another user's data without authorization or modifying data without authorization.

Please make all vulnerability submissions to: [email protected]

Include the following information with your submission:

A proof-of-concept or demonstration showing the vulnerability

Detailed steps of how to reproduce the vulnerability

An e-mail address we can contact you on

Your Freelancer.com account (so that we can give you the White Hat badge of achievement!)

Please only send valid security vulnerabilities to this e-mail address, all other requests will be ignored (e.g. for support). If you wish to encrypt your submission, you may do so using the PGP public key found at: https://www.freelancer.com/info/WhitehatsPGP.txt

Submission Guidelines

The vulnerability is reported to Freelancer via the official means (mentioned above) as soon as it is discovered

The vulnerability is not published anywhere before or after submission

The vulnerability exists on a domain owned by Freelancer (e.g. *.freelancer.com, *.freelancer.com.au, *.freelancer.co.uk, etc.)

The vulnerability is verified by our team

#Recognition of Security Researchers Researchers who successfully report a vulnerability may choose to be awarded in the following ways:

A name or company of their choosing published on the security hall of fame page

Be awarded a special 'White Hat' badge (shown above) for their Freelancer.com account, only obtainable by successfully identifying an exploit on Freelancer