52212 policies in database
Link to program      
2021-04-06
Fastify logo
Thank
Gift
HOF
Reward

Fastify

No technology is perfect, and Fastify believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you've found a security issue in our product or service, we encourage you to notify us. We welcome working with you to resolve the issue promptly.

Disclosure Policy

  • Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.

  • Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.

  • Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.

Disclosure Timeline

  • Vulnerability is identified or Disclosed to the Fastify Security Team - We will endeavor to keep reporter / finder in the loop with all communications / events.

  • Your report will be acknowledged within 48 hours, and you’ll receive a more detailed response within 96 hours indicating the next steps in handling your report.

  • Additional Fastify collaborators are notified if it's not a self disclosure.

  • After a fix is made available, the public advisory is finalized and a CVE assigned.

  • If no fix is available after 90 days, the advisory will timeout and will be made publicly available.

Scope

All the GitHub repositories in the https://github.com/fastify organization.

Please refer to the individual repositories for individual security considerations.

Exclusions

All potential vulnerabilities of any of Fastify dependencies (including Node.js) are excluded.

This include considering all the source code of the application as trusted.

While researching, we'd like to ask you to refrain from:

  • Denial of service live/running services

  • Spamming

  • Social engineering (including phishing) of Fastify staff or contractors

  • Any physical attempts against Fastify property or data centers

Thank you for helping keep Fastify and our users safe!

In Scope

Scope Type Scope Name
web_application

https://github.com/fastify


Firebounty have crawled on 2021-04-06 the program Fastify on the platform Hackerone.

FireBounty © 2015-2024

Legal notices | Privacy policy