Vulnerability Disclosure Program

Vulnerabilities may be reported by emailing help+security@humans.fut.io. We are receptive to and thankful for contributions that make FollowUpThen more secure.

Third-party security research companies are given permission to scan any aspect of the system, such as endpoints, URLs, ports, files, forms and HTTP methods, provided that a rate limit of no more than 1 request every 2 seconds is followed. Email help+security@humans.fut.io to request a higher scan rate.

We are serious about keeping our system secure. We developed FollowUpThen and related services using security best practices and regularly scan our system using Detectify. Depending on the nature of your discovery, we can offer you a free one-year subscription to a FollowUpThen premium account, and the possibility of a future contract to work with us to improve the security of FollowUpThen and our related systems.

A bounty is not guaranteed, but we will consider it if you discover a serious vulnerability.

Guidelines
As noted above, throttle HTTP requests to a maximum of one every two seconds. Please do not attempt DoS attacks. Use only your own FollowUpThen account for testing.

Please send your findings to help+security@humans.fut.io.