Vulnerability disclosures

At Frollo, we take cybersecurity seriously and recognise the important role security researchers play in enhancing our security measures. 

Our Vulnerability Disclosure Program allows security researchers who believe they have identified a cyber security issue or technical vulnerability that could impact the integrity, availability or security of our systems or services to report that to us.

We will use the information you provide to enhance our systems or services and may also use it to notify regulators and law enforcement agencies and to comply with applicable laws.

If you provide us with personal information, we may use it to contact you for further information to assist us in managing your report. For more information, we encourage you to review our privacy policy, customer data rights (CDR) policy, and security policy. These documents outline our personal information handling practices and provide guidance on how to submit privacy requests or raise any concerns.

While we welcome and appreciate legitimate security research, the following is prohibited: 

  • Attempts to modify or destroy Frollo’s data or information
  • Attempts to access, use or exfiltrate information that you are not authorised to access
  • Use of social engineering or phishing
  • Clickjacking
  • Any action or activity that contravenes any law 

To assist us in understanding and addressing your concerns, it is essential that you provide us with detailed, factual information to allow for the reproduction of your findings. Specific and evidence-based reports help us identify and resolve potential vulnerabilities more effectively. Your collaboration is invaluable, and we are dedicated to learning about and addressing any security issues that you bring to our attention.

Send us your feedback

To report a vulnerability, please email [email protected].

  • Please include as much detail as possible, including your name and contact information, an explanation of the vulnerability, including any affected URLs, the IP address used when you discovered the vulnerability, proof of concept code (if applicable), and the steps necessary to reproduce the vulnerability, so that our security team can investigate further.
  • Whilst submissions can be anonymous, it will help us to confirm legitimacy if you provide your real name or link to an online biography. 

Frollo treats all information regarding suspected vulnerabilities seriously, and we will endeavour to validate your research and, if necessary, mitigate the vulnerability as soon as possible. However, these matters can take time, and therefore we ask that you do not disclose details about the vulnerability to anyone.

Hall of Fame 

Frollo does not offer compensation for sharing security research. However, we are grateful to security researchers who report vulnerabilities. When a reported vulnerability is significant, we acknowledge their contributions by publishing their name on our website.