Responsible Disclosure of Security Vulnerabilities
FreshBooks is committed to the privacy, safety and security of our customers.
FreshBooks aims to keep its service safe for everyone, and data security is of the utmost priority. If you are a security researcher and have discovered a security vulnerability in our product, website, or service, we appreciate your help in disclosing it to us in a responsible manner.
If you are a current customer
If you feel your account may have been compromised, or if you suspect fraudulent behavior, do not hesitate to contact our support team. Your issue will be investigated immediately and thoroughly.
If you are a security researcher or have discovered a vulnerability
If you think you’ve found a security vulnerability in FreshBooks, contact us immediately via [email protected].
PGP Key ID: 0x1D3189FA PGP Fingerprint: F95D 04F1 1B91 6B90 F4E5 BB6B B7A0 DA75 1D31 89FA
- Please include as much information as possible in your report, including a way for us to reproduce the issue. “Proof-of-Concept” programs, tools, or test accounts that you’ve created are welcome.
- Please do not make your research or findings public (or share them with anyone) until we have had adequate time to investigate and deploy a fix. We will notify you when the security vulnerability has been patched.
- Tell us how to identify you and your company (if applicable) so we may enshrine you in our Hall of Fame section below.
“Whitehat” security researchers are welcome. Though grateful for your research and proactive disclosure, FreshBooks does not tolerate the following:
- any attempt to access, modify or destroy a customer’s account or data
- any attempt to interrupt or degrade the services offered by FreshBooks
- any attempt to execute a “Denial of Service” attack
- any research that involves a violation of any applicable law
Breaching the above in any way will result in contacting the relevant authorities.
When researching or investigating our service, please create your own accounts to test with. Do not attempt to “break in” to other customers’ accounts.
The FreshBooks Security Team strives to be prompt in responding to security vulnerabilities and will try to respond within 48 hours to any report received. During our business hours, we will likely respond the same day.
Hall of Fame
FreshBooks thanks the following Internet Security Superstars for their vigilance keeping the online world a safer place:
- J Gamble
- Apoorv Joshi
- Nitin Goplani, AirWatch by VMware
- Koutrouss Naddara
- Sriram (Sri [email protected]!)
- Mohammed Fayez Albanna
- Mohammad Naveed
- Shahmeer Amir
- Roberto Zanga
- Pradeep Kumar
- Muhammad Zeeshan
- , hackerDesk
- , hackerDesk
- Ali Tabish
- Joel Melegritom
- Jubaer Al Nazi
- Mehmet Nurcan
- Kenan GÜMÜŞ
- Mohammed Kaja Nawaz L J
- Ajay Kulal
- Kapil Soni (Haxinos) from Xowia Technologies
- Mehul Patil
- Suru Santhosh
- Parag Gupta
- Nitin Bangera