Responsible Disclosure of Security Vulnerabilities
FreshBooks is committed to the privacy, safety and security of our customers.
FreshBooks aims to keep its service safe for everyone, and data security is of the utmost priority. If you are a security researcher and have discovered a security vulnerability in our product, website, or service, we appreciate your help in disclosing it to us in a responsible manner.
If you are a current customer
If you feel your account may have been compromised, or if you suspect fraudulent behavior, do not hesitate to contact our support team. Your issue will be investigated immediately and thoroughly.
If you are a security researcher or have discovered a vulnerability
PGP Key ID: 0xF7EB7EF0
PGP Fingerprint: A4D5 5735 A2E2 155D 9C69 61E6 A09C 214C F7EB 7EF0
- Please include as much information as possible in your report, including a way for us to reproduce the issue. “Proof-of-Concept” programs, tools, or test accounts that you’ve created are welcome.
- Please do not make your research or findings public (or share them with anyone) until we have had adequate time to investigate and deploy a fix. We will notify you when the security vulnerability has been patched.
- Tell us how to identify you and your company (if applicable) so we may enshrine you in our Hall of Fame section below.
“Whitehat” security researchers are welcome. Though grateful for your research and proactive disclosure, FreshBooks does not tolerate the following:
- any attempt to access, modify or destroy a customer’s account or data
- any attempt to interrupt or degrade the services offered by FreshBooks
- any attempt to execute a “Denial of Service” attack
- any research that involves a violation of any applicable law
Any breach of the above will result in FreshBooks contacting the relevant authorities.
When researching or investigating our service, please create your own accounts to test with. Do not attempt to “break in” to other customers’ accounts.
The FreshBooks Security Team strives to be prompt in responding to security vulnerabilities and will try to respond within 48 hours to any report received. During our business hours, we will likely respond the same day.
Hall of Fame
FreshBooks thanks the following Internet Security Superstars for their vigilance in keeping the online world a safer place:
- Neil Anderson, Red Gate Software
- J Gamble
- Shubham Gupta
- Madhu Akula
- Apoorv Joshi @apo143u
- Vinay Jagtap
- Kiran Karnad
- Nitin Goplani, AirWatch by VMware
- Koutrouss Naddara
- Sriram (Sri H@xor!)
- Mohammed Fayez Albanna
- Osman Surkatty
- Mohamed Abdelbaset Elnoby
- Mohammad Naveed
- Shahmeer Amir
- Roberto Zanga
- Pradeep Kumar
- Siddharth Sharma
- Jay Patel
- Sumit Sahoo
- Muhammad Zeeshan
- Vikas khanna, hackerDesk
- Gurjant Singh Sadhra, hackerDesk
- Ali Tabish, @connect_tabish
- Arbin Godar
- Joel Melegritom
- Akash Saxena
- Jubaer Al Nazi, @ServerGhosts Bangladesh
- Mehmet Nurcan
- Kenan GÜMÜŞ
- Noman Shaikh
- Mansoor Gilal