No technology is perfect, and Fastify believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you've found a security issue in our product or service, we encourage you to notify us. We welcome working with you to resolve the issue promptly.
Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.
Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third party.
Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.
A vulnerability is identified or disclosed to the Fastify Security Team. We will endeavor to keep the reporter/finder in the loop with all communications/events.
Your report will be acknowledged within 48 hours, and you’ll receive a more detailed response within 96 hours indicating the next steps in handling your report.
Additional Fastify collaborators are notified if it's not a self-disclosure.
After a fix is made available, the public advisory is finalized and a CVE assigned.
If no fix is available after 90 days, the advisory will time out and will be made publicly available.
All the GitHub repositories in the https://github.com/fastify organization.
Please refer to the individual repositories for individual security considerations.
All potential vulnerabilities of any of Fastify's dependencies (including Node.js) are excluded.
This includes considering all the source code of the application as trusted.
While researching, we'd like to ask you to refrain from:
Denial of service against live/running services
Spamming
Social engineering (including phishing) of Fastify staff or contractors
Any physical attempts against Fastify property or data centers
Thank you for helping keep Fastify and our users safe!
Scope Type | Scope Name |
---|---|
web_application | https://github.com/fastify |
FireBounty crawled the Fastify program on the HackerOne platform on 2021-04-06.
FireBounty © 2015-2024